tcpdump mailing list archives
Re: two general questions tcpdump
From: Aaron Turner <synfinatic () gmail com>
Date: Thu, 14 May 2009 09:59:32 -0700
On Wed, May 13, 2009 at 11:28 PM, Andrej van der Zee <andrejvanderzee () gmail com> wrote:
> Hi,
>
> I could not find any users-list for tcpdump, so I am sorry if I offend anybody. I have two questions about tcpdump:
>
> 1) I get many UDP packages that have an IP that is not bound to one of my interfaces, like this one (the local IP is 10.69.26.61.22):
>
> 1240473922.435472 00:1a:64:79:b9:4c > ff:ff:ff:ff:ff:ff, IPv4, length 550: 10.69.26.35.32768 > 10.69.26.255.9900: UDP, length 504
>
> Now it turns out that 10.69.26.35 is the IP of my gateway. I was wondering why they are logged.

This is a broadcast message sent by your gateway to all hosts on the network.

> 2) Is it possible to get the options of tcpdump that were given on the command from a .cap file? The problem is that I get .cap files from another department, and I want to check the interface(s) and IP(s) (and maybe other useful info).

Sorry, but that information isn't stored in pcap files.

--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
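What a classic libpcap file does record, as an added example that is not part of the original thread: the file header holds only the format version, timestamp fields, snap length and link type, so the addresses in a received capture have to be recovered from the packets themselves. `summarize_pcap` and `build_sample` are names made up for this sketch, and the sample capture is constructed from the packet quoted in the question with its payload omitted.

```python
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1  # link-layer type value for Ethernet

def summarize_pcap(data: bytes) -> dict:
    """Report what a classic pcap file records, plus IPv4 addresses seen."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    # Rest of the 24-byte file header: version, timezone offset, timestamp
    # accuracy, snap length, link type. No interface name, filter or options.
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    seen, packets, off = Counter(), 0, 24
    while off + 16 <= len(data):
        # 16-byte record header: seconds, microseconds, captured and wire length.
        _sec, _usec, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break  # final record cut short
        off += 16 + incl_len
        packets += 1
        # Ethernet + IPv4: source address at bytes 26-29, destination at 30-33.
        if linktype == LINKTYPE_ETHERNET and len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            seen[".".join(map(str, frame[26:30]))] += 1
            seen[".".join(map(str, frame[30:34]))] += 1
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets, "ipv4_seen": dict(seen)}

def build_sample() -> bytes:
    """Constructed one-packet capture modelled on the quoted broadcast."""
    eth = bytes.fromhex("ffffffffffff" "001a6479b94c" "0800")
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([10, 69, 26, 35]), bytes([10, 69, 26, 255]))
    udp = struct.pack(">HHHH", 32768, 9900, 8, 0)  # payload omitted
    frame = eth + ip + udp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record = struct.pack("<IIII", 1240473922, 435472, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    print(summarize_pcap(build_sample()))
```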