[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

Deciphering TCPDUMP

Can someone give me a site that breaks down the output of TCPDUMP? Here is a sample output that i cant figure out:

21:52:32.058766 d196-tanna.net.1023 > praise.com.http: S 432195:432211(16) win 10052
21:52:32.228766 d196-tanna.net.1025 > ns1.tanna.net.domain: 39598+ (42)
21:52:32.658766 ns1.tanna.net.domain > d196-tanna.net.1025: 39598* 1/3/3 (203) (DF)
21:52:32.658766 d196-tanna.net.1027 > ns1.tanna.net.domain: 39599+ (46)
21:52:32.918766 ns1.tanna.net.domain > d196-tanna.net.1027: 39599* 1/2/2 (187) (DF)
21:52:32.918766 d196-tanna.net.1028 > ns1.tanna.net.domain: 39600+ (45)
21:52:33.158766 ns1.tanna.net.domain > d196-tanna.net.1028: 39600* 1/2/2 (160) (DF)

I understand the first line in that it is sending a "S"YN request with a ISN (Initial Sequence #) of 432195 and it appears to be sending a data packet of 16 bytes in size with a window size of a little of 10k.  Besides that i have no idea what the rest is saying ie. "DF", "*", "1/2/2", ".", etc...

Is there a site that breaks down this information or is the best way just to play around with it?

1 Solution
looks like an DNS answer, (DF) means don't fragment IP (see man tcpdump)

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now