Date: Thu, 3 Mar 2016 09:40:40 +0100
From: Matthias Apitz <guru@unixarea.de>
To: freebsd-questions@freebsd.org
Subject: tcpdump expr for SYN-SYN-ACK only
Message-ID: <20160303084040.GA64528@c720-r292778-amd64>

Hello,

I'm hunting some network problem wherein the SYN-SYN-ACK packages are
not arriving within the correct time windows. I'd like to monitor only
these packages with something like:

    # tcpdump -i bge0 -n 'tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-ack) != 0 and port 8115'

this works fine for the SYN packages, but shows all ACK, while I only
want to see the 1st one. How could this be filtered?

Thanks

	matthias

-- 
Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
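
Added example, not part of the original message: a Python model of how the flag mask in the expression above is evaluated, next to the narrower expression `tcp[tcpflags] & tcp-syn != 0 and port 8115`, which matches only segments with the SYN bit set (the SYN and the SYN-ACK). It also pairs each SYN with its SYN-ACK to report the delay. The client port, sequence numbers and timestamps are constructed sample values.

```python
import struct

TCP_FIN, TCP_SYN, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x08, 0x10
TCPFLAGS = 13  # tcp[tcpflags] is byte 13 of the TCP header

def tcp_header(sport, dport, seq, ack, flags):
    """Constructed 20-byte TCP header: no options, zero checksum."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def on_port(hdr, port):
    return port in struct.unpack_from("!HH", hdr)

def original_filter(hdr, port=8115):
    # tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-ack) != 0 and port 8115
    return (hdr[TCPFLAGS] & (TCP_SYN | TCP_FIN | TCP_ACK)) != 0 and on_port(hdr, port)

def syn_filter(hdr, port=8115):
    # tcp[tcpflags] & tcp-syn != 0 and port 8115
    return (hdr[TCPFLAGS] & TCP_SYN) != 0 and on_port(hdr, port)

def synack_delays(capture, port=8115):
    """Seconds between each SYN and the SYN-ACK that acknowledges it (ack == seq + 1)."""
    pending, delays = {}, []
    for ts, hdr in capture:
        if not syn_filter(hdr, port):
            continue
        sport, dport, seq, ack = struct.unpack_from("!HHII", hdr)
        if hdr[TCPFLAGS] & TCP_ACK:   # SYN-ACK: look up the SYN it answers
            sent = pending.pop((dport, sport, (ack - 1) & 0xFFFFFFFF), None)
            if sent is not None:
                delays.append(round(ts - sent, 6))
        else:                         # bare SYN: remember when it was seen
            pending[(sport, dport, seq)] = ts
    return delays

# Constructed capture: (timestamp in seconds, TCP header) for one connection to port 8115
CAPTURE = [
    (0.000, tcp_header(40000, 8115, 1000, 0, TCP_SYN)),
    (0.250, tcp_header(8115, 40000, 5000, 1001, TCP_SYN | TCP_ACK)),
    (0.251, tcp_header(40000, 8115, 1001, 5001, TCP_ACK)),
    (0.300, tcp_header(40000, 8115, 1001, 5001, TCP_PSH | TCP_ACK)),
    (0.310, tcp_header(8115, 40000, 5001, 1011, TCP_ACK)),
    (0.400, tcp_header(40000, 8115, 1011, 5001, TCP_FIN | TCP_ACK)),
]

if __name__ == "__main__":
    print("original mask:", sum(original_filter(h) for _, h in CAPTURE), "packets")
    print("SYN bit only :", sum(syn_filter(h) for _, h in CAPTURE), "packets")
    print("SYN -> SYN-ACK delays:", synack_delays(CAPTURE))
```

Every segment after the first SYN carries the ACK bit, so a mask that includes `tcp-ack` matches the whole connection; masking on `tcp-syn` alone leaves the two handshake segments.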