LinuxQuestions.org


newbie_adm 05-29-2007 03:25 AM

Interpreting and Understanding tcpdump file
 
Hi,
I am new to networking, and I was asked to do a tcpdump on a certain source and destination. I have executed this command successfully. The output file was processed in the Ethereal software so I could get the full details. But since I'm new to this, I don't understand that much,
especially the line (Packet size limited during capture). This appeared on both source and destination. Below is a sample tcpdump output file. Please help me, I'm kinda stuck on this one. Thanks


Source DST Protocol Info
205.135.86.25 69.180.85.26 SIP Request: INVITE sip:0118521236547@69.180.85.26[Packet size limited during capture]
205.135.86.25 69.180.85.26 SIP Request: OPTIONS sip:69.180.85.26[Packet size limited during capture]
69.180.85.26 205.135.86.25 SIP Status: 100 Trying[Packet size limited during capture]
69.180.85.26 205.135.86.25 SIP Status: 200 Ok [Packet size limited during capture]
69.180.85.26 205.135.86.25 SIP Status: 183 Ok [Packet size limited during capture]
69.180.85.26 205.135.86.25 SIP Status: 200 OK[Packet size limited during capture]
205.135.86.25 69.180.85.26 SIP Request: ACK sip: 0118521236547@69.180.85.26[Packet size limited during capture]

Thank you very much

Best Regards,
newbie_adm

acid_kewpie 05-29-2007 03:32 AM

well what do you want to know? you have the source IP followed by the destination IP. then it's the protocol, SIP, then the SIP specific details, status code etc... not much else to tell you to be honest. if you check the wireshark wiki you can get sample captures of all sorts of traffic, like SIP including deliberate errors etc... at the SIP level though, it's up to you to understand the protocols in place, based on reference books etc... wireshark as a program is very useful to scrape out extra details from a tcpdump file. note of course that those packets are size limited, so only of a certain use, add "-s0" to the tcpdump command line to capture 100% of the data.
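The "[Packet size limited during capture]" tag that Ethereal/Wireshark attaches to every frame above means the capture stored fewer bytes (caplen) than the frame had on the wire, because of the snaplen tcpdump was run with. As an added example, not code from this thread, here is a small Python reader for the classic pcap format (not pcapng) that reports the file's snaplen and every frame cut short that way; the pcap bytes and the SIP frame it inspects are constructed inline for the demo.

```python
"""Report frames a pcap file stored shorter than they were on the wire.

Wireshark/Ethereal tags a frame "Packet size limited during capture" when
the record's captured length (incl_len) is below its original length
(orig_len): the capture snaplen (tcpdump -s) cut the frame short.
"""
import struct

PCAP_GLOBAL_HDR = 24   # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD_HDR = 16   # ts_sec, ts_usec, incl_len, orig_len


def truncated_packets(data: bytes):
    """Return (snaplen, [(frame_index, captured_len, wire_len), ...])."""
    if len(data) < PCAP_GLOBAL_HDR:
        raise ValueError("too short to be a pcap file")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:        # file written little-endian
        end = "<"
    elif magic == 0xD4C3B2A1:      # file written big-endian
        end = ">"
    else:
        raise ValueError("unrecognised pcap magic 0x%08x (pcapng?)" % magic)
    snaplen = struct.unpack(end + "I", data[16:20])[0]
    off, idx, truncated = PCAP_GLOBAL_HDR, 0, []
    while off + PCAP_RECORD_HDR <= len(data):
        _sec, _usec, caplen, wirelen = struct.unpack(end + "IIII", data[off:off + PCAP_RECORD_HDR])
        if caplen < wirelen:       # the exact condition behind the Wireshark message
            truncated.append((idx, caplen, wirelen))
        off += PCAP_RECORD_HDR + caplen
        idx += 1
    return snaplen, truncated


def build_sample_pcap(snaplen: int, frames: list) -> bytes:
    """Constructed test data: a little-endian pcap that truncates frames at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("<IIII", 1180430700 + i, 0, len(kept), len(frame)) + kept
    return out


# Constructed frames: a short one that fits, and a SIP INVITE (zero padding
# standing in for the Ethernet/IP/UDP headers) that a 96-byte snaplen cuts off.
SIP_INVITE = (b"INVITE sip:0118521236547@69.180.85.26 SIP/2.0\r\n"
              + b"Via: SIP/2.0/UDP 205.135.86.25\r\n" * 8)
FRAMES = [b"\x00" * 60, b"\x00" * 42 + SIP_INVITE]
SAMPLE = build_sample_pcap(96, FRAMES)
```

Run against a real capture with `truncated_packets(open("file.pcap", "rb").read())`; a capture taken with `-s0` (or a snaplen larger than the longest frame) returns an empty list.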

