Understanding TCPDUMP

i m new to linux, plz tell me how and where can i find info related to
the TCPDUMP program output...i m not able to understand completely the
fields actually the program(tcpdump) displays...linux mauals don't help
much other then specifying the various parameters...in fact the problem
is not only with TCPDUMP but the other programs too like ARP, IFCONFIG
and many more...any help is appreciated...thnx in adv.

"Rav" <(E-Mail Removed)> writes:

>i m new to linux, plz tell me how and where can i find info related to
>the TCPDUMP program output...i m not able to understand completely the
>fields actually the program(tcpdump) displays...linux mauals don't help
>much other then specifying the various parameters...in fact the problem
>is not only with TCPDUMP but the other programs too like ARP, IFCONFIG
>and many more...any help is appreciated...thnx in adv.

Look for the book "TCP/IP Ilustrated, Volume I" from W. R. Stevens,
ISBN 0-201-63346-9

matthias
--
Matthias Apitz
Manager Technical Support - OCLC PICA GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <(E-Mail Removed)> - w http://www.oclcpica.org/ http://guru.UnixLand.de/

In comp.os.linux.networking Rav <(E-Mail Removed)>:
> i m new to linux, plz tell me how and where can i find info related to

And have problems because you aren't even using it.

> the TCPDUMP program output...i m not able to understand completely the
> fields actually the program(tcpdump) displays...linux mauals don't help
> much other then specifying the various parameters...in fact the problem

Exactly what man pages are intended for.

Try:

info tcpdump

As start.

Good luck

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 448: vi needs to be upgraded to vii

Rav <(E-Mail Removed)> wrote:
> i m new to linux, plz tell me how and where can i find info related
> to the TCPDUMP program output...i m not able to understand
> completely the fields actually the program(tcpdump) displays...linux
> mauals don't help much other then specifying the various
> parameters...in fact the problem is not only with TCPDUMP but the
> other programs too like ARP, IFCONFIG and many more...any help is
> appreciated...thnx in adv.

understanding the output of tcpdump requires an understanding of the
protocols tcpdump is displaying for you. for that you need to go to
the RFC's which describe the protocols, or the aforementioned works of
the late W. Richard Stevens.

rick jones
--
portable adj, code that compiles under more than one compiler
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

"Rav" <(E-Mail Removed)> wrote in news:1162396420.202269.14760
@i42g2000cwa.googlegroups.com:

> i m new to linux, plz tell me how and where can i find info related to
> the TCPDUMP program output...i m not able to understand completely the
> fields actually the program(tcpdump) displays...linux mauals don't help
> much other then specifying the various parameters...in fact the problem
> is not only with TCPDUMP but the other programs too like ARP, IFCONFIG
> and many more...any help is appreciated...thnx in adv.
>

If you send the data captured by tcpdump to a file using -w, you can use
ethereal to read and display the file in a graphical window with the
protocols etc interpreted for you.

Klazmon

Llanzlan Klazmon the 15th <(E-Mail Removed)> wrote:
> "Rav" <(E-Mail Removed)> wrote in news:1162396420.202269.14760
> @i42g2000cwa.googlegroups.com:

>> i m new to linux, plz tell me how and where can i find info related
>> to the TCPDUMP program output...i m not able to understand
>> completely the fields actually the program(tcpdump)
>> displays...linux mauals don't help much other then specifying the
>> various parameters...in fact the problem is not only with TCPDUMP
>> but the other programs too like ARP, IFCONFIG and many more...any
>> help is appreciated...thnx in adv.

> If you send the data captured by tcpdump to a file using -w, you can
> use ethereal to read and display the file in a graphical window with
> the protocols etc interpreted for you.

Using -v or -vv or such with tcpdump can do (in ascii) something quite
similar. That will handle the syntax of the fields and such, but does
little to help with understanding their semantics. For that you still
need to go to the RFC's and/or books.

rick jones
--
web2.0 n, the dot.com reunion tour...
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...