incorrect port value in tcpdump output

pluknet pluknet at gmail.com
Tue Mar 31 22:53:07 PDT 2009


2009/4/1 Dan Nelson <dnelson at allantgroup.com>:
> In the last episode (Apr 01), pluknet said:
>> tcpdump'ed from RELENG_7, kernel and modules as of Mar 22 are in sync,
>> world as of Mar 18.
>>
>> I caught this while building kernel via NFS. The subj host is an NFS server.
>>
>> 23:22:03.056098 IP (tos 0x0, ttl 64, id 26932, offset 0, flags [DF], proto TCP (6), length 160) 172.17.5.168.2355868444 > 172.17.5.167.2049: 108 getattr [|nfs]
>>         0x0000:  4500 00a0 6934 4000 4006 6db2 ac11 05a8
>>         0x0010:  ac11 05a7 0396 0801 7631 7eb4 37c6 db06
>>         0x0020:  8018 40cc 54c6 0000 0101 080a 00a5 d95b
>>         0x0030:  da0f fa92 8000 0068 8c6b b31c 0000 0000
>>         0x0040:  0000 0002 0001 86a3 0000 0003 0000 0001
>>         0x0050:  0000
>> 23:22:03.056180 IP (tos 0x0, ttl 128, id 10841, offset 0, flags [DF], proto TCP (6), length 168) 172.17.5.167.2049 > 172.17.5.168.2355868444: reply ok 116 getattr [|nfs]
>>         0x0000:  4500 00a8 2a59 4000 8006 6c85 ac11 05a7
>>         0x0010:  ac11 05a8 0801 0396 37c6 db06 7631 7f20
>>         0x0020:  8018 71c7 7a07 0000 0101 080a da0f fa93
>>         0x0030:  00a5 d95b 8000 0070 8c6b b31c 0000 0001
>>         0x0040:  0000 0000 0000 0000 0000 0000 0000 0000
>>         0x0050:  0000
>>
>> If you'd look in tcp header then 2355868444 value should be 918 actually
>> (as htons(918) returns expected 9603 in hex (0396 in net order)).
>
> That's not the port number; that's the NFS transaction id.  See the tcpdump
> manpage, under the section "NFS Requests and Replies".
>

Gah.. thank you, I was too dumb to read the man page.

-- 
wbr,
pluknet


More information about the freebsd-stable mailing list