Re: Newbie user question: Getting packets from

[KEVIN ZEMBOWER <KZEMBOWE () jhuccp org>]

Output is:

kevinz@www:~$ su -
Password: 
www:~# tcpdump -d src host centernet.jhuccp.org and \( ip proto \\tcp or \\udp \)
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 8
(002) ld       [26]
(003) jeq      #0xa281e1c0      jt 4    jf 8
(004) ldb      [23]
(005) jeq      #0x6             jt 7    jf 6
(006) jeq      #0x11            jt 7    jf 8
(007) ret      #96
(008) ret      #0
www:~# tcpdump src host centernet.jhuccp.org and \( ip proto \\tcp or \\udp \)
tcpdump: listening on eth0
15:33:05.757014 virtual.jhuccp.org.59313 > ns1.jhmi.edu.domain:  37894+ AAAA? centernet.jhuccp.org. (38) (DF)
15:33:05.758609 ns1.jhmi.edu.domain > virtual.jhuccp.org.59313:  37894* 0/1/0 (97) (DF)
15:33:05.758927 virtual.jhuccp.org.59313 > ns1.jhmi.edu.domain:  37895+ A? centernet.jhuccp.org. (38) (DF)
15:33:05.765150 ns1.jhmi.edu.domain > virtual.jhuccp.org.59313:  37895* 1/2/2 A 162.129.225.192 (130) (DF)

4 packets received by filter
0 packets dropped by kernel
www:~# tcpdump -h
tcpdump version 3.6
libpcap version 0.6
Usage: tcpdump [-adeflnNOpqStuvxX] [-c count] [ -F file ]
                [ -i interface ] [ -r file ] [ -s snaplen ]
                [ -T type ] [ -w file ] [ expression ]
www:~# 

Thanks, again, Guy.

-Kevin

> > > guy () alum mit edu 09/27/04 03:32PM >>>
KEVIN ZEMBOWER wrote:

> As you can see, I'm still getting packets from ns1.jhmi.edu on the DNS port.

What does the command

        tcpdump -d src host centernet.jhuccp.org and \( ip proto \\tcp or \\udp \)

print?

> If it helps, I'm using bash 2.05 on a Debian woody (stable, 3.0) distro
> running kernal 2.4.18.

The bash and kernel versions probably aren't the most important version 
numbers - the libpcap version is.

What does

        tcpdump -h

print?
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.