[olug] tcpdump output question
Dave H
dave_cog at hotmail.com
Tue Oct 1 14:14:04 UTC 2002
Running redhat 7.3, when I do this:
[root at isengard dave]# /usr/sbin/tcpdump -x -X -vv -n udp
Every three packet-headers looks just like this:
17:16:09.711666 src-ip.4874 > dest-ip.31091: udp 3873 (frag 56101:1456 at 0+)
(ttl 4, len 1476)
-snip ASCII and HEX garbage-
17:16:09.712874 src-ip > dest-ip: (frag 56101:1456 at 1456+) (ttl 4, len 1476)
-snip ASCII and HEX garbage-
17:16:09.713686 src-ip > dest-ip: (frag 56101:969 at 2912) (ttl 4, len 989)
-snip ASCII and HEX garbage-
and then the headers repeat themselves. But my question is how come only
the first header has source/destination port numbers? All of these should
be UDP packets since those are the only type of packets i told tcpdump to
look at, so all headers should include source/destination ip addresses...
right?
All these udp packets are from the same application, so they should all have
the same src/dst port address. in fact when the pattern repeats every 3
packets the src/dst port numbers are the same as the previous bunch.
Does anyone know?
ps, if you are interested, these are packets from streaming media.
_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
More information about the OLUG
mailing list