Posts Tagged ‘tcpdump’

Using TCPDUMP to Filter on DSCP

January 29th, 2012 No comments

The TCPDUMP filter to match a DSCP is a little tricky to construct. I need to explain how the filter works and also what TCPDUMP sees in the ToS Byte of the IP header and then how to filter on just the DiffServ extensions.

The IP ToS Byte (DSCP and IP ECN)

The IP ToS Byte (DSCP and IP ECN)

(in case it is not important to understand how the filter is constructed)

an example filtering on DSCP decimal 20 (AF22):
tcpdump -i eth0 (ip and (ip[1] & 0xfc) >> 2 == 20) -vvv

An example filtering on DSCP Hex 14 (also decimal 20 or AF22):
tcpdump -i eth0 (ip and (ip[1] & 0xfc) >> 2 == 0x14) –vvv
Read more…

Categories: Protocol Analysis, QoS Tags: , ,

Using TCP Flags to filter 3-Way Handshake using TCPDUMP / Wireshark

March 18th, 2011 No comments

Matching TCP traffic with particular flag combinations can be a useful way of examining TCP conversations.  Refer to the TCP State Machine to understand the context of these flags: Read more…

Categories: linux Tags: ,