Date:      Wed, 1 Apr 2009 09:53:05 +0400
From:      pluknet <pluknet@gmail.com>
To:        Dan Nelson <dnelson@allantgroup.com>
Cc:        FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>
Subject:   Re: incorrect port value in tcpdump output
Message-ID:  <a31046fc0903312253s35ccb65bu8d460b415e5b8748@mail.gmail.com>
In-Reply-To: <20090331223024.GA70541@dan.emsphone.com>
References:  <a31046fc0903311315s2ff30e88jd78b0df036f00a53@mail.gmail.com> <20090331223024.GA70541@dan.emsphone.com>

2009/4/1 Dan Nelson <dnelson@allantgroup.com>:
> In the last episode (Apr 01), pluknet said:
>> tcpdump'ed from RELENG_7, kernel and modules as of Mar 22 are in sync,
>> world as of Mar 18.
>>
>> I caught this while building kernel via NFS. The subj host is an NFS server.
>>
>> 23:22:03.056098 IP (tos 0x0, ttl 64, id 26932, offset 0, flags [DF], proto TCP (6), length 160) 172.17.5.168.2355868444 > 172.17.5.167.2049: 108 getattr [|nfs]
>>         0x0000:  4500 00a0 6934 4000 4006 6db2 ac11 05a8
>>         0x0010:  ac11 05a7 0396 0801 7631 7eb4 37c6 db06
>>         0x0020:  8018 40cc 54c6 0000 0101 080a 00a5 d95b
>>         0x0030:  da0f fa92 8000 0068 8c6b b31c 0000 0000
>>         0x0040:  0000 0002 0001 86a3 0000 0003 0000 0001
>>         0x0050:  0000
>> 23:22:03.056180 IP (tos 0x0, ttl 128, id 10841, offset 0, flags [DF], proto TCP (6), length 168) 172.17.5.167.2049 > 172.17.5.168.2355868444: reply ok 116 getattr [|nfs]
>>         0x0000:  4500 00a8 2a59 4000 8006 6c85 ac11 05a7
>>         0x0010:  ac11 05a8 0801 0396 37c6 db06 7631 7f20
>>         0x0020:  8018 71c7 7a07 0000 0101 080a da0f fa93
>>         0x0030:  00a5 d95b 8000 0070 8c6b b31c 0000 0001
>>         0x0040:  0000 0000 0000 0000 0000 0000 0000 0000
>>         0x0050:  0000
>>
>> If you'd look in tcp header then 2355868444 value should be 918 actually
>> (as htons(918) returns expected 9603 in hex (0396 in net order)).
>
> That's not the port number; that's the NFS transaction id.  See the tcpdump
> manpage, under the section "NFS Requests and Replies".
>

Gah.. thank you, I was too dumb to read the man page.

-- 
wbr,
pluknet
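
The point settled in this thread can be checked against the quoted bytes. The following is an added example, not part of the original messages: it parses the two hex dumps above and reads the TCP ports and the RPC transaction id (xid) separately. It assumes the RPC message starts at the first byte of the TCP payload, preceded by the 4-byte RPC record marker; the function name `decode` is hypothetical.

```python
import struct

# Bytes copied from the two hex dumps in the quoted message (truncated captures).
REQUEST_HEX = """
4500 00a0 6934 4000 4006 6db2 ac11 05a8 ac11 05a7 0396 0801 7631 7eb4 37c6 db06
8018 40cc 54c6 0000 0101 080a 00a5 d95b da0f fa92 8000 0068 8c6b b31c 0000 0000
0000 0002 0001 86a3 0000 0003 0000 0001 0000
"""
REPLY_HEX = """
4500 00a8 2a59 4000 8006 6c85 ac11 05a7 ac11 05a8 0801 0396 37c6 db06 7631 7f20
8018 71c7 7a07 0000 0101 080a da0f fa93 00a5 d95b 8000 0070 8c6b b31c 0000 0001
0000 0000 0000 0000 0000 0000 0000 0000 0000
"""

def decode(hexdump):
    """Return TCP ports and RPC header fields from an IPv4/TCP hex dump."""
    pkt = bytes.fromhex("".join(hexdump.split()))
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not IPv4/TCP")
    ihl = (pkt[0] & 0x0F) * 4                     # IP header length in bytes
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    tcp_len = (pkt[ihl + 12] >> 4) * 4            # TCP data offset, options included
    rpc = ihl + tcp_len                           # first byte of the TCP payload
    if len(pkt) < rpc + 12:
        raise ValueError("capture too short for the RPC header")
    # Record marker (last-fragment bit + length), then xid, then message type.
    marker, xid, msg_type = struct.unpack_from("!III", pkt, rpc)
    return {
        "sport": sport,
        "dport": dport,
        "last_fragment": bool(marker & 0x80000000),
        "fragment_len": marker & 0x7FFFFFFF,
        "xid": xid,
        "msg_type": {0: "call", 1: "reply"}.get(msg_type, "unknown"),
    }

if __name__ == "__main__":
    for name, dump in (("request", REQUEST_HEX), ("reply", REPLY_HEX)):
        print(name, decode(dump))
```

The source port decodes to 918 (0x0396) while the 32-bit value tcpdump prints after the address is the xid 0x8c6bb31c, identical in the call and its reply.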


