Date: Tue, 31 Mar 2009 17:30:24 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: pluknet <pluknet@gmail.com> Cc: FreeBSD Stable Mailing List <freebsd-stable@freebsd.org> Subject: Re: incorrect port value in tcpdump output Message-ID: <20090331223024.GA70541@dan.emsphone.com> In-Reply-To: <a31046fc0903311315s2ff30e88jd78b0df036f00a53@mail.gmail.com> References: <a31046fc0903311315s2ff30e88jd78b0df036f00a53@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Apr 01), pluknet said: > tcpdump'ed from RELENG_7, kernel and modules as of Mar 22 are in sync, > world as of Mar 18. > > I caught this while building kernel via NFS. The subj host is an NFS server. > > 23:22:03.056098 IP (tos 0x0, ttl 64, id 26932, offset 0, flags [DF], proto TCP (6), length 160) 172.17.5.168.2355868444 > 172.17.5.167.2049: 108 getattr [|nfs] > 0x0000: 4500 00a0 6934 4000 4006 6db2 ac11 05a8 > 0x0010: ac11 05a7 0396 0801 7631 7eb4 37c6 db06 > 0x0020: 8018 40cc 54c6 0000 0101 080a 00a5 d95b > 0x0030: da0f fa92 8000 0068 8c6b b31c 0000 0000 > 0x0040: 0000 0002 0001 86a3 0000 0003 0000 0001 > 0x0050: 0000 > 23:22:03.056180 IP (tos 0x0, ttl 128, id 10841, offset 0, flags [DF], proto TCP (6), length 168) 172.17.5.167.2049 > 172.17.5.168.2355868444: reply ok 116 getattr [|nfs] > 0x0000: 4500 00a8 2a59 4000 8006 6c85 ac11 05a7 > 0x0010: ac11 05a8 0801 0396 37c6 db06 7631 7f20 > 0x0020: 8018 71c7 7a07 0000 0101 080a da0f fa93 > 0x0030: 00a5 d95b 8000 0070 8c6b b31c 0000 0001 > 0x0040: 0000 0000 0000 0000 0000 0000 0000 0000 > 0x0050: 0000 > > If you'd look in tcp header then 2355868444 value should be 918 actually > (as htons(918) returns expected 9603 in hex (0396 in net order)). That's not the port number; that's the NFS transaction id. See the tcpdump manpage, under the section "NFS Requests and Replies". -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090331223024.GA70541>