Technical data

ManualsBrandsCompaq ManualsComputer equipmentCompaq TCP/IP Services for OpenVMS

Troubleshooting Techniques and Tools

1.2 Isolating Problems

rarp

tcp

udp

icmp

The proto variable indicates the protocol layer for the index operation.

• The byte offset, relative to the indicated protocol layer, is speciﬁed by expr.

• The size variable is optional and indicates the number of bytes in the ﬁeld of

interest; it can be:

one

two

four

The default size is

one

For example:

•

ether[0]&1!=0

detects all multicast trafﬁc.

•

ip[0] & 0xf != 5

detects all IP packets with options.

•

ip[2:2] & 0x1fff = 0

detects only unfragmented datagrams and fragment

zero of fragmented datagrams. This check is implicitly applied to the TCP

and UDP index operations. For instance,

tcp[0]

always means the ﬁrst byte

of the TCP header, and never means the ﬁrst byte of an intervening fragment.

1.2.5.2.6 Combining Keywords Keywords can be combined using:

• A parenthesized group of primitives and operators

• Negation (

not

)

• Concatenation (

and

)

• Alternation (

)

Negation has highest precedence. Alternation and concatenation have equal

precedence and associate left to right. Note that explicit and tokens (not

juxtaposition) are required for concatenation.

If an identiﬁer is given without a keyword, the most recent keyword is assumed.

For example, the following two examples are equivalent:

not host vs and ace

not host vs and host ace

However, the following example is not equivalent to the previous two:

not ( host vs or ace )

Expression arguments can be passed to

tcpdump

as either a single argument or

as multiple arguments, whichever is more convenient. Multiple arguments are

concatenated with spaces before being parsed.

Troubleshooting Techniques and Tools 1–15