Re: [tcpdump-workers] 'tcpdump -s0' payload length limit?

2004-08-25 Thread David Front
Hello Guy Harris Thanks for your fast response. Jumbo frames are not used on the CERN site. Following is printout of the problem: 1) tcpdump command: [EMAIL PROTECTED] d]# tcpdump -A port 12509 -s0 -c1000 /tmp/tcpdummed tcpdump: verbose output suppressed, use -v or -vv

Re: [tcpdump-workers] 'tcpdump -s0' payload length limit?

2004-08-25 Thread Guy Harris
On Aug 25, 2004, at 11:05 AM, David Front wrote:
> 11:33:55.601653 IP lxfs5623.cern.ch.32962 lcgmon002d.cern.ch.12509: UDP, length: 1637
"UDP, length: 1637" means that the *UDP* packet length is 1637 bytes. That doesn't mean that the *Ethernet* packet is 1637 bytes, as you note later: IP message

Re: [tcpdump-workers] 'tcpdump -s0' payload length limit?

2004-08-25 Thread Guy Harris
On Aug 25, 2004, at 11:09 AM, Guy Harris wrote: Note, however, that the reassembly is *NOT* done at the low-layer capture level, so a capture filter of port 12509 will only capture the first fragment of a fragmented datagram, and Ethereal and Tethereal will *NOT* be able to reassemble the

Re: [tcpdump-workers] number of concurrent TCP sessions

2004-08-25 Thread Stephen Donnelly
tcpdump may not be the right tool for the job, but considerable work has been done on IP flows. You might want to look at tcptrace, or a flows analysis package like Coralreef, or a flow probe like fprobe or ntop. http://jarok.cs.ohiou.edu/software/tcptrace/tcptrace.html