[olug] tcpdump output question

Dave H dave_cog at hotmail.com
Tue Oct 1 14:14:04 UTC 2002


Running redhat 7.3, when I do this:

[root at isengard dave]# /usr/sbin/tcpdump -x -X -vv -n udp

Every three packet-headers looks just like this:
17:16:09.711666 src-ip.4874 > dest-ip.31091:  udp 3873 (frag 56101:1456 at 0+) 
(ttl 4, len 1476)
-snip ASCII and HEX garbage-
17:16:09.712874 src-ip > dest-ip: (frag 56101:1456 at 1456+) (ttl 4, len 1476)
-snip ASCII and HEX garbage-
17:16:09.713686 src-ip > dest-ip: (frag 56101:969 at 2912) (ttl 4, len 989)
-snip ASCII and HEX garbage-

and then the headers repeat themselves.  But my question is how come only 
the first header has source/destination port numbers?  All of these should 
be UDP packets since those are the only type of packets i told tcpdump to 
look at, so all headers should include source/destination ip addresses... 
right?
All these udp packets are from the same application, so they should all have 
the same src/dst port address.  in fact when the pattern repeats every 3 
packets the src/dst port numbers are the same as the previous bunch.

Does anyone know?

ps, if you are interested, these are packets from streaming media.

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com




More information about the OLUG mailing list