tcpdump mailing list archives

Re: two general questions tcpdump


From: Aaron Turner <synfinatic () gmail com>
Date: Thu, 14 May 2009 09:59:32 -0700

On Wed, May 13, 2009 at 11:28 PM, Andrej van der Zee
<andrejvanderzee () gmail com> wrote:
> Hi,
>
> I could not find any users-list for tcpdump, so I am sorry if I offend
> anybody.
>
> I have two questions about tcpdump:
>
> 1) I get many UDP packages that have an IP that is not bound to one of my
> interfaces, like this one (the local IP is 10.69.26.61.22):
> 1240473922.435472 00:1a:64:79:b9:4c > ff:ff:ff:ff:ff:ff, IPv4, length 550:
> 10.69.26.35.32768 > 10.69.26.255.9900: UDP, length 504
> Now it turns out that 10.69.26.35 is the IP of my gateway. I was wondering
> why they are logged.

This is a broadcast message sent by your gateway to all hosts on the network.

> 2) Is it possible to get the options of tcpdump that were given on the
> command from a .cap file? The problem is that I get .cap files from another
> department, and I want to check the interface(s) and IP(s) (and maybe other
> useful info).

Sorry, but that information isn't stored in pcap files.


-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
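
Added example, not part of the original message or of tcpdump: a reader for the classic pcap file format that returns every field the file header carries (version, snapshot length, link type) and then infers source MACs, IP addresses and broadcast frames from the packets, which is the only way to recover that kind of context from a capture someone else made. The function names and the one-packet sample capture are constructed for illustration; only Ethernet/IPv4 frames are decoded.

```python
import socket
import struct
from collections import Counter

def build_sample_pcap():
    """Constructed one-packet capture modelled on the broadcast frame quoted in the thread."""
    eth = bytes.fromhex("ffffffffffff001a6479b94c0800")    # dst, src, EtherType IPv4
    udp = struct.pack("!HHHH", 32768, 9900, 16, 0) + b"\x00" * 8
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("10.69.26.35"), socket.inet_aton("10.69.26.255"))
    frame = eth + ip + udp
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", 1240473922, 435472, len(frame), len(frame))
    return file_hdr + rec_hdr + frame

def summarize_pcap(data):
    """Return everything the classic pcap header states, plus what the frames imply."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                                  # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                                  # written on a big-endian host
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    # The whole file header: no interface name, address or filter string in it.
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    src_macs, ips, packets, broadcast = Counter(), Counter(), 0, 0
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, caplen, _origlen = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        packets += 1
        if linktype != 1 or len(frame) < 14:       # only Ethernet is decoded here
            continue
        src_macs[":".join(f"{b:02x}" for b in frame[6:12])] += 1
        broadcast += frame[:6] == b"\xff" * 6      # Ethernet broadcast destination
        if frame[12:14] == b"\x08\x00" and len(frame) >= 34:   # IPv4
            ips[socket.inet_ntoa(frame[26:30])] += 1
            ips[socket.inet_ntoa(frame[30:34])] += 1
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "broadcast_frames": broadcast,
            "src_macs": dict(src_macs), "ips": dict(ips)}

if __name__ == "__main__":
    for key, value in summarize_pcap(build_sample_pcap()).items():
        print(f"{key}: {value}")
```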