Sunday, October 5, 2008

Notes for tcpdump

Note 1 
I run tcpdump on the iPhone to listen to the packet traffic.
I run "tcpdump -vvv -i en0 > en0" and "tcpdump -vvv -i pdp_ip0" at the same time in the terminal.
In the result file "en0", I find the following:
"
>>> NBT UDP PACKET(138) Res=0x110E ID=0x81CE IP=169 (0xa9).254 (0xfe).223 (0xdf).49 (0x31) Port=138 (0x8a) Length=197 (0xc5) Res2=0x0 
SourceName= 
WARNING: Short packet. Try increasing the snap length
"
I searched for it, and this is nothing to worry about.

It's not something to be worried about. It's not a FreeBSD or 
SAMBA problem, either. 

It's tcpdump complaining about snaplen (-s ) being 
shorter than at least one packet it encountered in the stream.

For recovery purposes, I rewrite this line to "(Recovered by Junxian )id 33230, offset 0", so that the id can be recorded by my Perl script.