hi, my apologies if this is the wrong place to send this. I didn't see anywhere else to submit bug reports on http://www.tcpdump.org/ I notice that when I record a tcpdump 3.61 using 'tcpdump -w ...' and then try to read it back using 'tcpdump -r' the following strange thing happens: if I read the file in using 'tcpdump -r' the sequence numbers on tcp packets are one off from the sequence numbers when I read the file using 'tcpdump -r src hostname'. Here's an example: % tcpdump -w t.o tcp and port 5001 & % ttcp -t -s tuesday % (kill tcpdump) % tcpdump -r t.o | fgrep 15:37:40.281973 15:37:40.281973 monday.1120 > tuesday.5001: P 46337:47785(1448) ack 1 win 39062 <nop,nop,timestamp 102779314 102780069> (DF) % tcpdump -r t.o src monday | fgrep 15:37:40.281973 15:37:40.281973 monday.1120 > tuesday.5001: P 46336:47784(1448) ack 1 win 39062 <nop,nop,timestamp 102779314 102780069> (DF) As you can see, the start and end sequence numbers reported are one off from each other when I specify a src filter than when I don't specify one. Anyone else seen this, and if so, is there a bugfix for it? Thanks - Mike Schwartz - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
