From owner-freebsd-questions@FreeBSD.ORG Fri Sep 5 06:02:08 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2F14E1065673 for ; Fri, 5 Sep 2008 06:02:08 +0000 (UTC) (envelope-from mahan@mahan.org) Received: from ns.mahan.org (ns.mahan.org [67.116.10.138]) by mx1.freebsd.org (Postfix) with ESMTP id DFE848FC17 for ; Fri, 5 Sep 2008 06:02:07 +0000 (UTC) (envelope-from mahan@mahan.org) Received: from widowmaker.local (crowTrobot [67.116.10.140]) by ns.mahan.org (8.13.6/8.13.6) with ESMTP id m8565MFE027483; Thu, 4 Sep 2008 23:05:23 -0700 (PDT) (envelope-from mahan@mahan.org) Message-ID: <48C0CB59.2080202@mahan.org> Date: Thu, 04 Sep 2008 23:02:01 -0700 From: Patrick Mahan User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.1.16) Gecko/20080707 Thunderbird/2.0.0.16 Mnenhy/0.7.5.0 MIME-Version: 1.0 To: EdwardKing References: <00db01c90e4d$2f6293f0$3f83a8c0@neusofteaf5839> In-Reply-To: <00db01c90e4d$2f6293f0$3f83a8c0@neusofteaf5839> Content-Type: text/plain; charset=GB2312 Content-Transfer-Encoding: 7bit Cc: FreeBSD Subject: Re: How to view TCP advertised window by using tcpdump? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Sep 2008 06:02:08 -0000 EdwardKing presented these words - circa 9/3/08 10:15 PM-> > I use TCP client to connect daytimesesrver which port is 13,I want to know how to use tcpdump to view TCP advertised window? Where is the TCP advertised window in the tcpdump result? > > Thanks > When you run tcpdump, for tcp packets, look for the 'win' string. For example, looking at a pop3 stream I see - tcpdump -i rl0 -s 1500 tcp and port pop3 [...] 23:00:38.371059 IP 10.0.0.10.pop3 > 10.0.0.1.33656: P 13468:14292(824) ack 96 win 33304 23:00:38.373003 IP 10.0.0.1.33656 > 10.0.0.10.pop3: . ack 14292 win 65535 23:00:38.629916 IP 10.0.0.1.33656 > 10.0.0.10.pop3: P 96:104(8) ack 14292 win 65535 23:00:38.630021 IP 10.0.0.10.pop3 > 10.0.0.1.33656: P 14292:14325(33) ack 104 win 33304 The "win" indicates the advertised window. So 10.0.0.10 is advertising a window of 33304 bytes and 10.0.0.1 is advertising a window of 65535 bytes. Try 'man tcpdump'. Patrick > > ---------------------------------------------------------------------------------------------- > Confidentiality Notice: The information contained in this e-mail and any > accompanying attachment(s) is intended only for the use of the intended > recipient and may be confidential and/or privileged of Neusoft Corporation, its subsidiaries and/or its affiliates. If any reader of this communication is not the intended recipient, unauthorized use, forwarding, printing, storing, disclosure or copying is strictly prohibited, and may be unlawful. If you have received this communication in error, please immediately notify the sender by return e-mail, and delete the original message and all copies from your system. Thank you. > ----------------------------------------------------------------------------------------------- > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > >