tcpdump output

hampel · 07-17-2003, 03:19 AM

Hello,

what means the '74' in this line?

09:41:30.052039 192.168.1.98.20127 > 192.168.1.2.22289: udp 74 (ttl 127, id 25246, len 102)

Thanks for help!

dai · 07-17-2003, 08:11 AM

not sure as Ive not used tcpdump but it looks like the UDP port number

or

maybe the size of the UDP packet

hampel · 07-17-2003, 09:36 AM

Hi,

now the port number is this behind the ip!

any suggestions?

german · 07-17-2003, 09:57 AM

I believe it has something to do with the flags set on the packet. The port numbers are bold, length is italics.

09:41:30.052039 192.168.1.98.20127 > 192.168.1.2.22289: udp 74 (ttl 127, id 25246, len 102)

hampel · 07-17-2003, 11:02 AM

I get packets with 'value' 44 or 165 instead of 74, too!

dai · 07-17-2003, 11:09 AM

Perhaps it indicates the size of the payload of the packet rather than the size of the whole packet????

hampel · 07-17-2003, 02:23 PM

i get many packets, and only with these numbers!
it guess it's the small icon in my taskbar (windows) which checks for new e-mail!

phoeniXflame · 07-17-2003, 02:44 PM

if my memmory serves me correctly its the size of the packets not including udp and ip protocol headers

dai · 07-17-2003, 04:18 PM

Quote:

Originally posted by phoeniXflame
if my memmory serves me correctly its the size of the packets not including udp and ip protocol headers

Yeah it sounds like its just the payload of the packet

hampel · 07-18-2003, 12:53 AM

Thanks!!