tcpdump mailing list archives
Re: match by tcp sequence number?
From: "Mike Mohr" <akihana () gmail com>
Date: Mon, 16 Jul 2007 10:52:38 -0700
Jan, Thank you for your reply. In the meantime I have also discovered a great reference that you may or may not already know of: http://packet.node.to/hacks/byte_offsets.txt Of course you folks already know everything listed there, but for people like myself it is quite handy. Is there a way to match by a portion of the payload of a given packet, or do I have to do that in my callback? TIA Mike On 7/14/07, Jan C. Nordholz <jckn () gmx net> wrote:
Hi, > I'm trying to write a filter for a small pcap application. I need to > match by the tcp sequence number, as I'm only interested in packets > with sequence number 1. I know I can match by octet, using e.g. > tcp[13] == ???, but the sequence field is 4 octets (32-bit). How can > I match against this field? tcp[4:4] should work. The manpage states that you can use expressions like >> proto [ expr : size ] in your match string. Regards, Jan - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- match by tcp sequence number? Mike Mohr (Jul 14)
- Re: match by tcp sequence number? Jan C. Nordholz (Jul 14)
- Re: match by tcp sequence number? Mike Mohr (Jul 16)
- Re: match by tcp sequence number? Jan C. Nordholz (Jul 14)