tcpdump mailing list archives

Re: tcpdump -q option


From: Guy Harris <guy () alum mit edu>
Date: Sat, 25 Feb 2006 12:09:13 -0800

Latha G wrote:

The purpose of the tcpdump -q option is given as "Print less protocol
information so output lines are shorter."
Less protocol information means how much less?

It depends on the protocol.

For example, for TCP, without "-q", tcpdump 3.8.3 prints

        12:05:11.208835 IP client.60784 > server.http: S 2247021960:2247021960(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 640171993 0>
        12:05:11.223156 IP server.http > client.60784: S 1177413861:1177413861(0) ack 2247021961 win 5792 <mss 1460,nop,nop,timestamp 63801102 640171993,nop,wscale 0>
        12:05:11.223296 IP client.60784 > server.http: . ack 1 win 65535 <nop,nop,timestamp 640171993 63801102>

for the initial 3-way handshake for an HTTP connection, and with "-q", it prints

        12:05:23.210905 IP client.60785 > server.http: tcp 0
        12:05:23.225955 IP server.http > client.60785: tcp 0
        12:05:23.226091 IP client.60785 > server.http: tcp 0

I used tcpdump -q, and the message that came from tcpdump is
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
It is capturing 96 bytes of data [same as for all options], so how come it
prints less information?

It prints less information because you ran it with the "-q" flag.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
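
An added example, not part of the original message and not tcpdump's own code: a small Python parser for the two output forms quoted above, showing which TCP fields a script reading the text output can no longer recover once "-q" is used. The regular expressions assume the tcpdump 3.8.3 line layout shown in the message; the function and field names are illustrative.

```python
import re

# Sample input: the TCP handshake lines quoted in the message above
# (tcpdump 3.8.3 text output), first without -q and then with -q.
DEFAULT_LINES = [
    "12:05:11.208835 IP client.60784 > server.http: S 2247021960:2247021960(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 640171993 0>",
    "12:05:11.223156 IP server.http > client.60784: S 1177413861:1177413861(0) ack 2247021961 win 5792 <mss 1460,nop,nop,timestamp 63801102 640171993,nop,wscale 0>",
    "12:05:11.223296 IP client.60784 > server.http: . ack 1 win 65535 <nop,nop,timestamp 640171993 63801102>",
]
QUIET_LINES = [
    "12:05:23.210905 IP client.60785 > server.http: tcp 0",
    "12:05:23.225955 IP server.http > client.60785: tcp 0",
    "12:05:23.226091 IP client.60785 > server.http: tcp 0",
]

HEAD = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): (.*)$")
QUIET = re.compile(r"^tcp (\d+)$")
# Assumed flag letters: S, F, P, R, W, E, and "." when none of them is set.
FULL = re.compile(r"^(?P<flags>[SFPRWE.]+)(?: (?P<seq>\d+):\d+\((?P<len>\d+)\))?"
                  r"(?: ack (?P<ack>\d+))?(?: win (?P<win>\d+))?(?: <(?P<opts>[^>]*)>)?$")
TCP_ONLY = ("flags", "seq", "ack", "win", "options")

def parse_line(line):
    """Parse one tcpdump TCP line; fields the line does not carry stay None."""
    head = HEAD.match(line.strip())
    if head is None:
        return None
    ts, src, dst, rest = head.groups()
    rec = dict.fromkeys(TCP_ONLY + ("length",))
    rec.update(ts=ts, src=src, dst=dst, quiet=False)
    quiet = QUIET.match(rest)
    if quiet:  # -q form: only "tcp <payload length>" follows the addresses
        rec.update(quiet=True, length=int(quiet.group(1)))
        return rec
    full = FULL.match(rest)
    if full:  # default form: flags, then optional seq range, ack, win, options
        num = lambda name: int(full[name]) if full[name] else None
        rec.update(flags=full["flags"], seq=num("seq"), ack=num("ack"), win=num("win"),
                   options=full["opts"].split(",") if full["opts"] else None,
                   length=num("len") or 0)  # no seq range printed means no payload
    return rec

def fields_missing(lines):
    """TCP header fields that are absent from every parsed line."""
    recs = [r for r in map(parse_line, lines) if r]
    return [f for f in TCP_ONLY if all(r[f] is None for r in recs)]

# Prints the missing-field list for the default lines, then for the -q lines.
print(fields_missing(DEFAULT_LINES), fields_missing(QUIET_LINES))
```

The capture size (96 bytes here) only limits how much of each packet is captured; the parser shows that the difference with "-q" lies in what is printed from those bytes.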

