![]() ![]() The offset, once multiplied by 4 gives the byte count of the TCP header, meaning ((tcp & 0xf0) > 2) provides the size of the TCP header. ![]() Tcp means capturing the 13th byte of the tcp packet, corresponding to first half being the offset, second half being reserved. Tcp & 0xf0) > 2)] = 0x16: a bit more tricky, let’s detail this below Tcp port 443: I suppose this is the port your server is listening on, change it if you need Tcpdump -ni eth0 “tcp port 443 and (tcp & 0xf0) > 2)] = 0x16)”Įth0: is my network interface, change it if you need ![]()
0 Comments
Leave a Reply. |