On Mon, 2 Jul 2001, Guy Harris wrote:
> You might want to download an unmodified libpcap *and* tcpdump from
> tcpdump.org, put their source directories under the same source
> directory, and then build libpcap and then tcpdump, to ensure that you
> have an unmodified tcpdump that's built with an unmodified libpcap
> ("ldd", when run on that tcpdump, should *NOT* report that it's
> dynamically linked with "libpcap"!), and then try that one; that will
> make sure that it's *not* using the libpcap that came with your OS, and
> that it's not using the "turbo mode" code. (It should *NOT* print out
> any message of the sort that the Red Hat tcpdump did - not even if it
> says something different.)

For simplicity, I suggest getting:

  ftp://ftp.redhat.com/redhat/linux/rawhide/SRPMS/SRPMS/tcpdump-3.6.2-6.src.rpm

Rebuilding it:

  rpm --rebuild tcpdump-3.6.2-6.src.rpm

And installing the binaries from /usr/src/redhat/RPMS/i386/.

FWIW, I'm seeing this on the latest errata kernel (2.4.3-12) and above binaries:

(capturing on yyy.yyy.4.140)
08:57:09.203862 xxx.xxx.160.1.ssh > yyy.yyy.4.140.34681: P 1897:1937(40) ack 1840 win 31856 <nop,nop,timestamp 688937563 189710905>
08:57:09.203862 yyy.yyy.4.140.34681 > xxx.xxx.160.1.ssh: . ack 1937 win 63504 <nop,nop,timestamp 189710906 688937563> (DF) [tos 0x10]
08:57:09.373847 yyy.yyy.4.140.34681 > xxx.xxx.160.1.ssh: P 1840:1880(40) ack 1937 win 63504 <nop,nop,timestamp 189710923 688937563> (DF) [tos 0x10]
08:57:09.383846 xxx.xxx.160.1.ssh > yyy.yyy.4.140.34681: P 1937:1977(40) ack 1880 win 31856 <nop,nop,timestamp 688937581 189710923>
08:57:09.383846 yyy.yyy.4.140.34681 > xxx.xxx.160.1.ssh: . ack 1977 win 63504 <nop,nop,timestamp 189710924 688937581> (DF) [tos 0x10]
08:57:09.473838 yyy.yyy.4.140.34681 > xxx.xxx.160.1.ssh: P 1880:1920(40) ack 1977 win 63504 <nop,nop,timestamp 189710933 688937581> (DF) [tos 0x10]

--
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
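
The "ldd" check described in the quoted advice (confirm that the rebuilt tcpdump does not list libpcap as a shared library), as an added example that is not part of the original thread. The function name, the result labels and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: classify how a binary gets libpcap,
# based on `ldd` output read from stdin. Function name and result labels
# are assumptions made for this illustration. Prints one of:
#   shared:<path>      libpcap is loaded from <path> at run time
#   shared:not-found   libpcap is needed but the loader cannot resolve it
#   not-shared         dynamic binary with no libpcap dependency
#                      (what the rebuilt tcpdump should show)
#   static-binary      not a dynamic executable at all
classify_pcap_linkage() {
    awk '
        /not a dynamic executable|statically linked/ { static = 1 }
        $1 ~ /^libpcap\.so/ {
            if ($0 ~ /not found/) hit = "not-found"
            else if ($2 == "=>")  hit = $3
            else                  hit = $1
        }
        END {
            if (hit != "")   print "shared:" hit
            else if (static) print "static-binary"
            else             print "not-shared"
        }'
}

# Constructed ldd output for the two cases discussed above.
sample_os_libpcap() {
    printf '\tlibpcap.so.0 => /usr/lib/libpcap.so.0 (0x40017000)\n'
    printf '\tlibc.so.6 => /lib/libc.so.6 (0x40030000)\n'
    printf '\t/lib/ld-linux.so.2 (0x40000000)\n'
}
sample_rebuilt() {
    printf '\tlibc.so.6 => /lib/libc.so.6 (0x40017000)\n'
    printf '\t/lib/ld-linux.so.2 (0x40000000)\n'
}

# Usage: sh check_pcap.sh /path/to/tcpdump
if [ "$#" -gt 0 ]; then
    ldd "$1" 2>&1 | classify_pcap_linkage
fi
```

A "shared:" result means the binary picks up whatever libpcap the loader finds at run time, so the test would not be exercising the freshly built library.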