Date: Wed, 3 Nov 1999 09:43:52 -0600
From: Dan Nelson <dnelson@emsphone.com>
To: Cliff Addy <fbsdlist@federation.addy.com>
Cc: questions@FreeBSD.ORG
Subject: Re: help reading tcpdump output
Message-ID: <19991103094352.A53581@dan.emsphone.com>
In-Reply-To: <Pine.BSF.3.95q.991103103343.10481A-100000@federation.addy.com>; from fbsdlist@federation.addy.com on Wed, Nov 03, 1999 at 10:36:03AM -0500
References: <199909241425.AA052523114@broccoli.graphics.cornell.edu> <Pine.BSF.3.95q.991103103343.10481A-100000@federation.addy.com>

In the last episode (Nov 03), Cliff Addy said:
> We're swapping nameservice to a new machine and I ran tcpdump to watch
> what's still going to port 25 on the old machine. I'm seeing a lot of
> strange packets I don't understand, such as
>
> 10:31:26.360261 207.115.59.220.53 > 207.239.68.2.53: 16144 (30)
> 10:31:28.991805 209.180.245.130.53 > 207.239.68.2.53: 757 (37)
> 10:31:29.846414 131.15.136.2.8673 > 207.239.68.2.53: 61184 (32)
> 10:31:30.520673 194.22.190.5.3693 > 207.239.68.2.53: 48437 (35)
> 10:31:33.071580 152.163.189.173.4393 > 207.239.68.2.53: 49123 (35)

Port 53 is DNS lookups. The default 'snarf' length that tcpdump uses
is 68 bytes per packet, which is only enough to print the basic
IP/TCP/UDP information. The tcpdump manpage suggests -s 128 as a
starting point if you want to view DNS packets in full.

--
Dan Nelson
dnelson@emsphone.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
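
The snapshot-length effect described in the reply above, as an added example that is not part of the original message: a constructed DNS query is cut at a 68-byte and a 128-byte capture limit and then decoded. Assumptions: Ethernet framing (14 bytes), an IPv4 header without options (20 bytes) and UDP (8 bytes); the function names and the query for www.example.com are made up for the illustration.

```python
import struct

# Assumed encapsulation: Ethernet II + IPv4 without options + UDP.
LINK_HDR, IP_HDR, UDP_HDR = 14, 20, 8

def dns_room(snaplen):
    """Bytes of DNS message left once the lower-layer headers are captured."""
    return max(0, snaplen - LINK_HDR - IP_HDR - UDP_HDR)

def build_query(qid, name, qtype=1):
    """Constructed sample: DNS header plus one question (QTYPE A, QCLASS IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def captured_dns(dns_msg, snaplen):
    """The part of the DNS message that survives a capture limited to snaplen."""
    return dns_msg[:dns_room(snaplen)]

def decode(dns_bytes, wire_len):
    """Decode as far as the captured bytes allow; never read past the end."""
    out = {"id": None, "qname": None, "qtype": None,
           "captured": len(dns_bytes), "truncated": len(dns_bytes) < wire_len}
    if len(dns_bytes) < 12:                 # fixed DNS header not fully captured
        return out
    out["id"] = struct.unpack("!H", dns_bytes[:2])[0]
    labels, pos = [], 12
    while True:                             # question names are not compressed
        if pos >= len(dns_bytes):
            return out                      # name cut off before a length byte
        n = dns_bytes[pos]
        pos += 1
        if n == 0:
            break
        if pos + n > len(dns_bytes):
            return out                      # label runs past the captured bytes
        labels.append(dns_bytes[pos:pos + n].decode("ascii"))
        pos += n
    out["qname"] = ".".join(labels)
    if pos + 4 <= len(dns_bytes):
        out["qtype"] = struct.unpack("!H", dns_bytes[pos:pos + 2])[0]
    return out

if __name__ == "__main__":
    query = build_query(16144, "www.example.com")
    for snaplen in (68, 128):
        print(snaplen, decode(captured_dns(query, snaplen), len(query)))
```

Under these assumptions a 68-byte limit leaves 26 bytes for the DNS message, so the query ID is readable but the question name is cut off; at 128 bytes the whole query decodes.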