I make some tcpdump test on a AIX machine (4.3)
Some configuration run well like
tcpdump 'tcp[13] & 0x12 = 2'
(#for to have active connection with synis set and ack is not set).
But with other caracters like '(' my tcpdump program doesn't run with
syntax error, ex.:
tcp[13] & 0xff = 2 && (ip[2:2] - ((ip[0] & 0x0f) * 4) -
((tcp[12] & 0xf0) / 4)) != 0
(#attempts to include data on the initialSYN).

Is a AIX problem? What should i make to overcome this.
Anyone has any idea

Thankx

Your syntax works fine under BSD. I'll boot up my B50 when I get home and try the syntax under AIX. Are you running 4.3.x or 5L? Which version of tcpdump?

Thanks,

Keith

I'm using AIX 4.3.3 with tcpdump Version 2.2.1.

Regards,
nymus

i got one question i dont know i am doing right or wrong

i am lloking to produce a tcpdump of a dns lookup and the start of a telnet connection(including tcp hand shaking and the first few data packets)

can any body help me what command is sutible for this
thanks

first few packets of a telnet connection? Sounds a little shady if you ask me...

are you getting a syntax error??

this should do the trick without being fancy. You might want to add other flags
check out iptrace also.