How to capture packet data so I can see the Version, IHL, TOS, etc.?

Hello folks :)
I read an answer in this thread: unix[dot]com/programming/117551-calculate-ip-header-checksum-manually.html

I need to know the name of the software that was used to capture packet data on a network, just like the packet capture output that was shown in that thread.

Thank you :)

PS
Wow, I am just shocked by the forum's rules.. very, very restrictive and hard rules.
I am not allowed to write a URL until I have made at least 5 posts.

tcpdump or wireshark can capture packets on a network, or you can write a Perl script using libpcap; that works too.

Yes, I tried using tcpdump but I can't get the expected result.
I just get output like this:

22:07:24.594264 IP okaprinarjaya-machine.local > 224.0.0.251: igmp v2 report 224.0.0.251
22:07:24.595606 IP okaprinarjaya-machine.local.59749 > google-public-dns-a.google.com.domain: 7289+ PTR? 251.0.0.224.in-addr.arpa. (42)
22:07:24.778994 IP google-public-dns-a.google.com.domain > okaprinarjaya-machine.local.59749: 7289 NXDomain 0/1/0 (99)
22:07:24.880158 IP6 fe80::290:f5ff:fe51:af16.mdns > ff02::fb.mdns: 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)

I can't see where the Version, IHL, TOS, etc. are.

Thank you :)

I still can't get the Version, IHL, TOS, etc. using tcpdump. Does anybody know how to get the Version, IHL, TOS, etc. using tcpdump, just like what is shown in unix[dot]com/programming/117551-calculate-ip-header-checksum-manually.html?

Sorry for my belated reply. In fact, you can redirect the output to a file (in raw mode) and then visualize it using wireshark (or tcpdump -vv -x -X; I don't have tcpdump installed on my PC right now so I can't show you the output). That way, you can see any information in a packet (version, IHL, TOS...), but it is in hex, so you have to translate it bit by bit.
Hope this helps.


OK.... thank you very much @thanhdat :)
Now I can see the packet just like I wanted :b:

---------- Post updated at 07:24 AM ---------- Previous update was at 07:20 AM ----------

Before I forget, I want to add a correction to your answer:
tcpdump -w afile.log -x -X
then read it with
tcpdump -r afile.log -x -X

Thank you :)
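Added example, not part of the original thread: a short Python script that does the "translate bit by bit" step on the hex that `tcpdump -x` / `-X` prints, decoding Version, IHL, TOS and the remaining IPv4 header fields and verifying the header checksum. The sample dump is constructed, and the function names are hypothetical.

```python
import ipaddress
import re
import struct

# Constructed sample in the layout `tcpdump -x` prints: a 20-byte IPv4 header
# followed by the first bytes of a TCP header. Not taken from the thread.
SAMPLE = (
    "\t0x0000:  4500 003c 1c46 4000 4006 b1e6 ac10 0a63\n"
    "\t0x0010:  ac10 0a0c 8a3c 0050 5e1f 0d2a 0000 0000\n"
)
# Offset label, then hex groups separated by single spaces; the ASCII column
# that -X appends comes after a double space and is therefore not matched.
HEX_LINE = re.compile(r"\s*0x[0-9a-f]+:\s+((?:[0-9a-f]{2,4} )*[0-9a-f]{2,4})")

def dump_to_bytes(text):
    """Turn the hex columns of a tcpdump -x / -X dump back into raw bytes."""
    groups = (m.group(1) for m in map(HEX_LINE.match, text.splitlines()) if m)
    return bytes.fromhex("".join(groups).replace(" ", ""))

def checksum(header):
    """RFC 1071 one's-complement sum; 0 over a full header means it verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(pkt):
    """Decode the fixed IPv4 header fields from the start of pkt."""
    if len(pkt) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F  # two 4-bit fields in byte 0
    if version != 4 or ihl < 5 or len(pkt) < ihl * 4:
        raise ValueError("not a complete IPv4 header")
    return {
        "version": version, "ihl": ihl, "header_bytes": ihl * 4,
        "tos": tos, "dscp": tos >> 2, "ecn": tos & 0x03,
        "total_length": total_len, "id": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "checksum_ok": checksum(pkt[:ihl * 4]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }

if __name__ == "__main__":
    for name, value in parse_ipv4(dump_to_bytes(SAMPLE)).items():
        print(f"{name:>13}: {value}")
```

On packets captured on the sending host, `checksum_ok` can be false even though nothing is wrong, because many network cards fill in the checksum after the point where the capture is taken.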