tcpdump mailing list archives
large packets parsing using TcpDump
From: "Mali Shternhell" <malis () voltaire com>
Date: Tue, 30 Nov 2010 08:24:38 +0200
Hi,

I'm using TcpDump in order to capture snmp request-response messages. When the response packet is larger than 1468, TcpDump fails to capture the packet (capture below, failed lines are in red).

I'm using the command:

tcpdump -s 200 -xxni eth0 port 161

Can you please assist?

08:00:26.768885 IP 172.30.9.16.33520 > 172.30.9.40.snmp: GetNextRequest(29) .1.3.6.1.2.1.17.7.1.4
        0x0000: 0008 f140 bc21 0026 5522 e86a 0800 4500
        0x0010: 0048 0000 4000 4011 d030 ac1e 0910 ac1e
        0x0020: 0928 82f0 00a1 0034 6aba 302a 0201 0104
        0x0030: 0670 7562 6c69 63a1 1d02 0420 6640 c802
        0x0040: 0100 0201 0030 0f30 0d06 092b 0601 0201
        0x0050: 1107 0104 0500
08:00:26.812549 IP 172.30.9.40.snmp > 172.30.9.16.33520: GetResponse(35) .1.3.6.1.2.1.17.7.1.4.2.1.3.1.1=1
        0x0000: 0026 5522 e86a 0008 f140 bc21 0800 4500
        0x0010: 004e 0000 4000 4011 d02a ac1e 0928 ac1e
        0x0020: 0910 00a1 82f0 003a e216 3030 0201 0104
        0x0030: 0670 7562 6c69 63a2 2302 0420 6640 c802
        0x0040: 0100 0201 0030 1530 1306 0e2b 0601 0201
        0x0050: 1107 0104 0201 0301 0142 0101
08:00:26.812861 IP 172.30.9.16.33520 > 172.30.9.40.snmp: GetNextRequest(34) .1.3.6.1.2.1.17.7.1.4.2.1.3.1.1
        0x0000: 0008 f140 bc21 0026 5522 e86a 0800 4500
        0x0010: 004d 0000 4000 4011 d02b ac1e 0910 ac1e
        0x0020: 0928 82f0 00a1 0039 6abf 302f 0201 0104
        0x0030: 0670 7562 6c69 63a1 2202 0420 6640 c902
        0x0040: 0100 0201 0030 1430 1206 0e2b 0601 0201
        0x0050: 1107 0104 0201 0301 0105 00
08:00:27.612670 IP 172.30.9.40.snmp > 172.30.9.16.33520: [len1468<asnlen4663]
        0x0000: 0026 5522 e86a 0008 f140 bc21 0800 4500
        0x0010: 05dc f88e 2000 4011 f20d ac1e 0928 ac1e
        0x0020: 0910 00a1 82f0 1243 8d7c 3082 1237 0201
        0x0030: 0104 0670 7562 6c69 63a2 8212 2802 0420
        0x0040: 6640 c902 0100 0201 0030 8212 1830 8212
        0x0050: 1406 0e2b 0601 0201 1107 0104 0201 0401
        0x0060: 0104 8212 0000 0000 0000 0000 0000 0000
        0x0070: 0000 0000 0000 0000 0000 0000 0000 0000
        0x0080: 0000 0000 00ff ffff 0000 0000 0000 0000
        0x0090: 0000 0000 0000 0000 0000 0000 0000 0000
        0x00a0: 0000 0000 00ff ffff 0000 0000 0000 0000
        0x00b0: 0000 0000 0000 0000 0000 0000 0000 0000
        0x00c0: 0000 0000 00ff ffff
08:00:27.614340 IP 172.30.9.16.33520 > 172.30.9.40.snmp: GetNextRequest(34) .1.3.6.1.2.1.17.7.1.4.2.1.4.1.1
        0x0000: 0008 f140 bc21 0026 5522 e86a 0800 4500
        0x0010: 004d 0000 4000 4011 d02b ac1e 0910 ac1e
        0x0020: 0928 82f0 00a1 0039 6abf 302f 0201 0104
        0x0030: 0670 7562 6c69 63a1 2202 0420 6640 ca02
        0x0040: 0100 0201 0030 1430 1206 0e2b 0601 0201
        0x0050: 1107 0104 0201 0401 0105 00
08:00:35.289810 IP 172.30.9.40.snmp > 172.30.9.16.33520: [len1468<asnlen4663]
        0x0000: 0026 5522 e86a 0008 f140 bc21 0800 4500
        0x0010: 05dc f88f 2000 4011 f20c ac1e 0928 ac1e
        0x0020: 0910 00a1 82f0 1243 8b7c 3082 1237 0201
        0x0030: 0104 0670 7562 6c69 63a2 8212 2802 0420
        0x0040: 6640 ca02 0100 0201 0030 8212 1830 8212
        0x0050: 1406 0e2b 0601 0201 1107 0104 0201 0501
        0x0060: 0104 8212 0000 0000 0000 0000 0000 0000
        0x0070: 0000 0000 0000 0000 0000 0000 0000 0000
        0x0080: 0000 0000 00ff ffff 0000 0000 0000 0000
        0x0090: 0000 0000 0000 0000 0000 0000 0000 0000

Best Regards,
Mali Shternhell,
SW Engineer at Voltaire

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
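
Added example, not part of the original post: a Python sketch that decodes the Ethernet, IPv4, UDP and outer BER headers of the 08:00:27.612670 response from its hex dump, to show where the two numbers in [len1468<asnlen4663] come from. The function names are hypothetical; the sample bytes are the first three hex rows of that packet as printed in the capture.

```python
import struct

# First 48 bytes of the 08:00:27.612670 response, copied from the capture above.
FRAME_HEX = """
0026 5522 e86a 0008 f140 bc21 0800 4500
05dc f88e 2000 4011 f20d ac1e 0928 ac1e
0910 00a1 82f0 1243 8d7c 3082 1237 0201
"""

def ber_length(buf):
    """Return (header_size, content_length) of the BER TLV at the start of buf."""
    if len(buf) < 2:
        raise ValueError("truncated BER header")
    if buf[1] < 0x80:                      # short form: length is in one octet
        return 2, buf[1]
    n = buf[1] & 0x7F                      # long form: n length octets follow
    if n == 0 or len(buf) < 2 + n:
        raise ValueError("indefinite or truncated BER length")
    return 2 + n, int.from_bytes(buf[2:2 + n], "big")

def analyze(frame):
    """Hypothetical helper: decode Ethernet/IPv4/UDP and the outer SNMP length."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, ident, flags_frag = struct.unpack("!HHH", ip[2:8])
    if ip[9] != 17:
        raise ValueError("not UDP")
    if flags_frag & 0x1FFF:
        raise ValueError("non-first fragment carries no UDP header")
    udp = ip[ihl:]
    sport, dport, udp_len = struct.unpack("!HHH", udp[:6])
    hdr, asn_len = ber_length(udp[8:])
    present = total_len - ihl - 8 - hdr    # SNMP bytes carried by this IP packet
    return {
        "ip_total_len": total_len,
        "ip_id": ident,
        "more_fragments": bool(flags_frag & 0x2000),
        "udp_len": udp_len,
        "asn_len": asn_len,
        "snmp_bytes_present": present,
        "complete": present >= asn_len,
    }

if __name__ == "__main__":
    for key, value in analyze(bytes.fromhex("".join(FRAME_HEX.split()))).items():
        print(f"{key:20} {value}")
```

The decoded headers show an IP total length of 1500 with the More Fragments flag set, so this packet carries only the first 1468 bytes of an SNMP message whose outer BER length is 4663.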