LinuxQuestions.org
Old 07-17-2003, 03:19 AM   #1
hampel
Member
 
Registered: Jun 2003
Posts: 62

Rep: Reputation: 15
tcpdump output


Hello,

What does the '74' in this line mean?

09:41:30.052039 192.168.1.98.20127 > 192.168.1.2.22289: udp 74 (ttl 127, id 25246, len 102)

Thanks for help!
 
Old 07-17-2003, 08:11 AM   #2
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Mandrake 8.2
Posts: 328

Rep: Reputation: 30
Not sure, as I've not used tcpdump, but it looks like the UDP port number

or

maybe the size of the UDP packet

Last edited by dai; 07-17-2003 at 08:17 AM.
 
Old 07-17-2003, 09:36 AM   #3
hampel
Member
 
Registered: Jun 2003
Posts: 62

Original Poster
Rep: Reputation: 15
Hi,

No, the port number is the one behind the IP!

Any suggestions?
 
Old 07-17-2003, 09:57 AM   #4
german
Member
 
Registered: Jul 2003
Location: Toronto, Canada
Distribution: Debian etch, Gentoo
Posts: 312

Rep: Reputation: 30
I believe it has something to do with the flags set on the packet. The port numbers are bold, length is italics.

09:41:30.052039 192.168.1.98.20127 > 192.168.1.2.22289: udp 74 (ttl 127, id 25246, len 102)
 
Old 07-17-2003, 11:02 AM   #5
hampel
Member
 
Registered: Jun 2003
Posts: 62

Original Poster
Rep: Reputation: 15
I get packets with 'value' 44 or 165 instead of 74, too!
 
Old 07-17-2003, 11:09 AM   #6
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Mandrake 8.2
Posts: 328

Rep: Reputation: 30
Perhaps it indicates the size of the payload of the packet rather than the size of the whole packet????
 
Old 07-17-2003, 02:23 PM   #7
hampel
Member
 
Registered: Jun 2003
Posts: 62

Original Poster
Rep: Reputation: 15
I get many packets, and only with these numbers!
I guess it's the small icon in my taskbar (Windows) which checks for new e-mail!
 
Old 07-17-2003, 02:44 PM   #8
phoeniXflame
Member
 
Registered: Feb 2003
Location: Somewhere, UK
Distribution: Slack, OpenBSD, Debian, SuSE
Posts: 189

Rep: Reputation: 30
If my memory serves me correctly, it's the size of the packets, not including UDP and IP protocol headers.
 
Old 07-17-2003, 04:18 PM   #9
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Mandrake 8.2
Posts: 328

Rep: Reputation: 30
Quote:
Originally posted by phoeniXflame
If my memory serves me correctly, it's the size of the packets, not including UDP and IP protocol headers.
Yeah, it sounds like it's just the payload of the packet.
 
Old 07-18-2003, 12:53 AM   #10
hampel
Member
 
Registered: Jun 2003
Posts: 62

Original Poster
Rep: Reputation: 15
Thanks!!
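
The payload-size reading reached in the thread can be checked against the numbers in the quoted line. The following is an added example, not part of any post: it parses that line format and compares the number after "udp" with the IP total length. The function names are hypothetical, the second and third sample lines are constructed, and the IP header is assumed to be 20 bytes (no options).

```python
import re

IP_HEADER = 20   # assumption: IPv4 header without options
UDP_HEADER = 8   # UDP header is always 8 bytes

# Matches the old-style verbose UDP line quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"udp (?P<udp_len>\d+) "
    r"\(ttl (?P<ttl>\d+), id (?P<ip_id>\d+), len (?P<ip_len>\d+)\)$"
)
INT_FIELDS = ("sport", "dport", "udp_len", "ttl", "ip_id", "ip_len")

def parse_udp_line(line):
    """Split one line into named fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec.update({k: int(rec[k]) for k in INT_FIELDS})
    return rec

def header_overhead(rec):
    """Bytes between the IP total length and the number printed after 'udp'."""
    return rec["ip_len"] - rec["udp_len"]

def is_payload_length(rec):
    """True if 'udp N' equals the IP length minus IP and UDP headers."""
    return header_overhead(rec) == IP_HEADER + UDP_HEADER

SAMPLES = [
    # The line from the first post.
    "09:41:30.052039 192.168.1.98.20127 > 192.168.1.2.22289: udp 74 (ttl 127, id 25246, len 102)",
    # Constructed: size 44 from post #5, with len chosen as 44 + 28.
    "09:41:31.052039 192.168.1.98.20127 > 192.168.1.2.22289: udp 44 (ttl 127, id 25247, len 72)",
    # Constructed: a packet carrying 8 bytes of IP options, so the overhead is 36.
    "09:41:32.052039 192.168.1.98.20127 > 192.168.1.2.22289: udp 74 (ttl 127, id 25248, len 110)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse_udp_line(line)
        print(rec["sport"], rec["dport"], rec["udp_len"], rec["ip_len"],
              header_overhead(rec), is_payload_length(rec))
```

For the line in the first post the difference is 102 - 74 = 28 bytes, which is exactly one 20-byte IP header plus one 8-byte UDP header.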
 
  


All times are GMT -5.