10 Jul
2008
10 Jul
'08
1:05 a.m.
Andreas Heise wrote:
Hi Klaus,
please try again with "tcpdump port 5060 -s 1600 -v" with -v the message
seems
to be only decoded if the ip packet is complete (-s 1600).
Tested with tcpdump version 3.9.5, libpcap version 0.9.5 on Debian.
# tcpdump port 5060 -s 1600 -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
1600 bytes
01:03:48.001623 IP (tos 0x0, ttl 120, id 14327, offset 0, flags [none],
length: 693) 80-121-18-58.adsl.highway.telekom.at.51401 >
sip.at43.at.sip: [udp sum ok] UDP, length: 665
01:03:48.002965 IP (tos 0x10, ttl 64, id 1892, offset 0, flags [DF],
length: 399) sip.at43.at.sip >
80-121-18-58.adsl.highway.telekom.at.51401: [udp sum ok] UDP, length: 371
# tcpdump -V
tcpdump version 3.8.3
libpcap version 0.8.3
probably my tcpdump is too old (debian sarge)
thanks anyway
klaus