Re: question concerning tcpdump



On 10 May 2007, in the Usenet newsgroup comp.os.linux.misc, in article
<1178788197.193157.170090@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, Bernd wrote:

I ran tcpdump for about 10 hours and wrote all traffic from this host
to a file, using:
tcpdump -n -vv -w ~/tcpdump.txt -C 10 ip src host address

OK

I have one line which I don't understand and I'm wondering about:

19:35:30.510098 IP xxxxxxx.32786 > xxxxxxxx.smpppd: S 555971953:555971953(0) win 5840 <mss 1460,sackOK,timestamp 15510435 0,nop,wscale 2>

Hello SuSE - "smpppd" is SuSE Meta PPPD - one of their "improvements"

I deleted our IPs, hope that's OK for you.

Depends on what you are looking for

Can I find out if this packet used TCP or UDP?

man tcpdump, and look waaayyy down for "OUTPUT FORMAT"

Is the "win 5840" a sign of TCP?

Yes, as is the "S" (SYN) flag. UDP doesn't use either one.

I don't know much about protocols, I just read some time ago that TCP uses
"windows" for connection control.

0768 User Datagram Protocol. J. Postel. August 1980. (Format: TXT=5896
bytes) (Also STD0006) (Status: STANDARD)

0791 Internet Protocol. J. Postel. September 1981. (Format: TXT=97779
bytes) (Obsoletes RFC0760) (Updated by RFC1349) (Also STD0005)
(Status: STANDARD)

0792 Internet Control Message Protocol. J. Postel. September 1981.
(Format: TXT=30404 bytes) (Obsoletes RFC0777) (Updated by RFC0950)
(Also STD0005) (Status: STANDARD)

0793 Transmission Control Protocol. J. Postel. September 1981.
(Format: TXT=172710 bytes) (Updated by RFC3168) (Also STD0007)
(Status: STANDARD)

Not really that big, but good for a quick answer.

The first "xed" ip is our host (the source), the second one
(destination) is the router in our network.

/etc/services says: smpppd 3185/tcp # SuSE Meta PPPD
for smpppd. The machine we are talking about is a SuSE 9.2 box.
PPP is something to do with point-to-point protocol?

Yes - SuSE Meta PPPD is something to do with "kinternet", and is required
by SuSE for some reason for modem, ISDN, and DSL connections.

We don't have a modem or ISDN card on this box.

You can _try_ using 'sbin/chkconfig' (see the man page) to prevent the
service from starting.

What's the problem, or is this a continuation of the strange IPs
question?

Old guy
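
The reading of that tcpdump line discussed in this post, as an added example that is not part of the original message: a small Python parser for the one-line summary layout quoted above, reporting TCP when flag letters and a `win` field are present and UDP when tcpdump prints a UDP length. The addresses are documentation placeholders, the UDP line is constructed, and only this older summary layout is handled.

```python
import re

# Shape of the line quoted in the post (older tcpdump text output):
#   <time> IP <src>.<port> > <dst>.<port>: <flags> <seq>:<seq>(<len>) win <n> <options>
LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
TCP = re.compile(
    r"^(?P<flags>[SFPRWE]+|\.)\s+"                  # TCP flag letters, "." = none set
    r"(?:(?P<seq>\d+):\d+\((?P<len>\d+)\)\s+)?"     # first:last(bytes) sequence numbers
    r"(?:ack \d+\s+)?win (?P<win>\d+)"              # advertised receive window
    r"(?:\s+<(?P<opts>[^>]*)>)?")                   # TCP options
UDP = re.compile(r"^(?:UDP, length|udp) (?P<len>\d+)")
FLAGS = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", "W": "CWR", "E": "ECE"}
SERVICES = {"smpppd": 3185}  # the /etc/services entry quoted in the post

def endpoint(text):
    """Split 'host.port' on the last dot; map a service name to its number if known."""
    host, _, port = text.rpartition(".")
    return host, int(port) if port.isdigit() else SERVICES.get(port, port)

def classify(line):
    """Return a dict describing one summary line, or None if it is not an IP line."""
    m = LINE.match(" ".join(line.split()))  # rejoin lines wrapped by a mail client
    if m is None:
        return None
    info = {"time": m["ts"], "src": endpoint(m["src"]), "dst": endpoint(m["dst"])}
    tcp, udp = TCP.match(m["rest"]), UDP.match(m["rest"])
    if tcp:
        info.update(proto="tcp", win=int(tcp["win"]),
                    flags=[FLAGS[c] for c in tcp["flags"] if c != "."],
                    options=[o.strip() for o in (tcp["opts"] or "").split(",") if o.strip()])
    elif udp:
        info.update(proto="udp", length=int(udp["len"]))
    else:
        info["proto"] = "unknown"
    return info

# Constructed samples: the post's line with documentation addresses, and a UDP datagram.
SYN_LINE = """19:35:30.510098 IP 192.0.2.10.32786 > 192.0.2.1.smpppd: S
555971953:555971953(0) win 5840 <mss
1460,sackOK,timestamp 15510435 0,nop,wscale 2>"""
UDP_LINE = "19:35:31.000001 IP 192.0.2.10.32768 > 192.0.2.1.9999: UDP, length 32"

if __name__ == "__main__":
    for sample in (SYN_LINE, UDP_LINE):
        print(classify(sample))
```

A capture written with `-w` is a binary file, so lines like these come from reading it back with `tcpdump -r`.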