diff options
| author | Randy Sofia <rsofia@users.sourceforge.net> | 2010-01-26 15:46:37 -0800 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2010-01-26 15:46:37 -0800 |
| commit | 0e5561f7c7a905295a126bb8f6c1b160e6ffc380 (patch) | |
| tree | b4f55e3948870f75209434db8c5e71b0031d0459 | |
| parent | c0a91acf9ba0ee60063c9095a8cc9e51ed9e4d62 (diff) | |
| download | tcpdump-0e5561f7c7a905295a126bb8f6c1b160e6ffc380.tar.gz | |
Add some information about the symbolic references to TCP flags.
Reviewed-by: Guy Harris <guy@alum.mit.edu>
| -rw-r--r-- | CREDITS | 1 | ||||
| -rw-r--r-- | tcpdump.1.in | 12 |
2 files changed, 13 insertions, 0 deletions
@@ -145,6 +145,7 @@ Additional people who have contributed patches: Peter Volkov <pva at gentoo dot org> Phil Wood <cpw at lanl dot gov> Rafal Maszkowski <rzm at icm dot edu dot pl> + Randy Sofia <rsofia at users dot sourceforge dot net> Raphael Raimbault <raphael dot raimbault at netasq dot com> Rick Cheng <rcheng at juniper dot net> Rick Jones <rick dot jones2 at hp dot com> diff --git a/tcpdump.1.in b/tcpdump.1.in index f0f7ce05..6a4354a0 100644 --- a/tcpdump.1.in +++ b/tcpdump.1.in @@ -1143,6 +1143,18 @@ This points us to the \fItcpdump\fP filter expression tcpdump -i xl0 'tcp[13] & 2 == 2' .RE .PP +Some offsets and field values may be expressed as names +rather than as numeric values. For example tcp[13] may +be replaced with tcp[tcpflags]. The following TCP flag +field values are also available: tcp-fin, tcp-syn, tcp-rst, +tcp-push, tcp-act, tcp-urg. +.PP +This can be demonstrated as: +.RS +.B + tcpdump -i xl0 'tcp[tcpflags] & tcp-push != 0' +.RE +.PP Note that you should use single quotes or a backslash in the expression to hide the AND ('&') special character from the shell. |