Steve Kehlet

Asked: 2014-04-05 10:12:33 +0800 CST2014-04-05 10:12:33 +0800 CST 2014-04-05 10:12:33 +0800 CST

tcpdump expression to show zero-byte ACKs?

I want to show zero-byte TCP keepalives sent and received. While this could be generally useful, in this particular case I want to prove that a change I made to the JDBC driver (adding tcpKeepAlive=true) is causing the keepalives to be sent periodically (at the interval I've already configured in /proc/sys/net/ipv4/tcp_keepalive_time, and I know is working). They look like this:

21:35:00.150604 IP 1.2.3.4.53019 > 5.6.7.8.postgres: . ack 635465 win 772 <nop,nop,timestamp 1666835314 1722393170>

But I'd like to figure out a filter so it doesn't show all traffic. I found ip[2:2] which allows you to filter by the total packet length. Is the length of a zero-byte ACK constant?

# not it, but maybe close
tcpdump -nn 'ip[2:2] = 50'

Thanks!

tcpdump expression to show zero-byte ACKs?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

tcpdump expression to show zero-byte ACKs?

0 Answers