Reading tcpdump header length command
This is my first post and I absolutely <3 this site! So much great content!
So, I have the following TCPDump command I want to understand what it is
asking (in plain English).
tcpdump 'tcp[12] & 80 !=0'
Is it asking to grab all TCP packets on byte offset 12 (TCP Header length
and Reserved bits) with values at least 80 that is true? I believe I am
wrong.
Writing out offset byte 12 with the value 80, I get 0101 0000. In
correcting my initially wrong answer, my mentor also wrote down: 1111 0000
0111 0000
I'm confused to what he wrote down.
No comments:
Post a Comment