tcpdump output shows IP packet with src/dest information
Hello,
I'm executing tcpdump to 'snoop' network traffic on my server for a few seconds with the command
timeout 5 tcpdump -i bond0 -l -w /tmp/simon.tcpdump ip
I then read the file with the command and the result will feed a python script to do some statistics
tcpdump -N -v -r /tmp/simon.tcpdump > /tmp/simon.txt
The python script will analyze the context based on a regexp
I noticed some 'IP' lines don't contain source or destination information, for example
08:48:49.160615 ARP, Ethernet (len 6), IPv4 (len 4), Reverse Request who-is 00:50:56:ae:66:68 (oui Unknown) tell 00:50:56:ae:66:68 (oui Unknown), length 46
08:48:49.160616 IP (tos 0x0, ttl 64, id 43569, offset 0, flags [DF], proto TCP (6), length 2948)
    dell965srv.39783 > dell964srv.44916: Flags [.], cksum 0x7672 (incorrect -> 0xbc47), seq 11618:14514, ack 896, win 501, options [nop,nop,TS val 15829430 ecr 1898668321], length 2896
I'm surprised to see an 'IP' package without this information. Could anyone explain why or redirect me to any place having any explanations?
Thanks
Simon
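
Added example, not part of the original post: with -v, tcpdump prints an IP packet's header fields on the timestamped line and the source/destination on an indented continuation line, so a regexp applied line by line sees an 'IP' line without addresses. The sketch below joins continuation lines to their timestamped line before matching; the sample text is constructed from the lines in the post, and the function and pattern names are illustrative.

```python
import re

# Constructed sample of `tcpdump -N -v -r` output, modelled on the lines in the post.
SAMPLE = """\
08:48:49.160615 ARP, Ethernet (len 6), IPv4 (len 4), Reverse Request who-is 00:50:56:ae:66:68 (oui Unknown) tell 00:50:56:ae:66:68 (oui Unknown), length 46
08:48:49.160616 IP (tos 0x0, ttl 64, id 43569, offset 0, flags [DF], proto TCP (6), length 2948)
    dell965srv.39783 > dell964srv.44916: Flags [.], cksum 0x7672 (incorrect -> 0xbc47), seq 11618:14514, ack 896, win 501, options [nop,nop,TS val 15829430 ecr 1898668321], length 2896
"""

# A new packet record always starts with a timestamp in column 0.
TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")

# Shape after joining: "<ts> IP (<header fields>) <src> > <dst>: <rest>"
IP_RECORD = re.compile(
    r"^(?P<ts>\S+) IP \((?P<hdr>.*?proto (?P<proto>\S+) \(\d+\), length \d+)\) "
    r"(?P<src>\S+) > (?P<dst>[^\s:]+): (?P<rest>.*)$"
)


def join_records(lines):
    """Yield one logical record per packet: a timestamped line plus any
    indented continuation lines that follow it."""
    current = None
    for line in lines:
        line = line.rstrip("\n")
        if TIMESTAMP.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None and line.strip():
            current += " " + line.strip()
    if current is not None:
        yield current


def ip_flows(text):
    """Return (timestamp, protocol, source, destination) for each IP record."""
    flows = []
    for record in join_records(text.splitlines()):
        m = IP_RECORD.match(record)
        if m:  # non-IP records such as ARP are skipped
            flows.append((m["ts"], m["proto"], m["src"], m["dst"]))
    return flows


if __name__ == "__main__":
    for flow in ip_flows(SAMPLE):
        print(flow)
```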