
What is 'IN' and 'OUT' of g_tcpdump?

Question asked by maurie92bb4c8-e697-481c-ad88-010c3601580b on Aug 16, 2018
Latest reply on Aug 22, 2018 by Lari Luoma

Hey everyone,

I was asked to capture some packets:

g_tcpdump -enni any host 1.1.1.1 and 2.2.2.2

[1_04]10:33:23.330521  In aa:aa:aa:aa:aa:aa ethertype IPv4 (0x0800), length 76: 2.2.2.2.42814 > 1.1.1.1.25: S 2726345066:2726345066(0) win 29200 <mss 1376,sackOK,timestamp 1052353694 0,nop,wscale 7>
[1_04]10:33:23.331136 Out bb:bb:bb:bb:bb:bb ethertype IPv4 (0x0800), length 76: 2.2.2.2.42814 > 1.1.1.1.25: S 2726345066:2726345066(0) win 29200 <mss 1376,sackOK,timestamp 1052353694 0,nop,wscale 7>
[1_04]10:33:23.331141 Out bb:bb:bb:bb:bb:bb ethertype IPv4 (0x0800), length 76: 2.2.2.2.42814 > 1.1.1.1.25: S 2726345066:2726345066(0) win 29200 <mss 1376,sackOK,timestamp 1052353694 0,nop,wscale 7>
[1_04]10:33:23.331142 Out bb:bb:bb:bb:bb:bb ethertype IPv4 (0x0800), length 76: 2.2.2.2.42814 > 1.1.1.1.25: S 2726345066:2726345066(0) win 29200 <mss 1376,sackOK,timestamp 1052353694 0,nop,wscale 7>
[1_04]10:33:23.376815  In aa:aa:aa:aa:aa:aa ethertype IPv4 (0x0800), length 76: 1.1.1.1.25 > 2.2.2.2.42814: S 316929424:316929424(0) ack 2726345067 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 3937627326 1052353694>
[1_04]10:33:23.376841 Out bb:bb:bb:bb:bb:bb ethertype IPv4 (0x0800), length 76: 1.1.1.1.25 > 2.2.2.2.42814: S 316929424:316929424(0) ack 2726345067 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 3937627326 1052353694>
[1_03]10:33:23.376140  In aa:aa:aa:aa:aa:aa ethertype IPv4 (0x0800), length 76: 1.1.1.1.25 > 2.2.2.2.42814: S 316929424:316929424(0) ack 2726345067 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 3937627326 1052353694>
[1_03]10:33:23.376233 Out aa:aa:aa:aa:aa:aa ethertype IPv4 (0x0800), length 76: 1.1.1.1.25 > 2.2.2.2.42814: S 316929424:316929424(0) ack 2726345067 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 3937627326 1052353694>
[1_03]10:33:23.376253 Out aa:aa:aa:aa:aa:aa ethertype IPv4 (0x0800), length 76: 1.1.1.1.25 > 2.2.2.2.42814: S 316929424:316929424(0) ack 2726345067 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 3937627326 1052353694>
[1_04]10:33:23.376842 Out bb:bb:bb:bb:bb:bb ethertype IPv4 (0x0800), length 76: 1.1.1.1.25 > 2.2.2.2.42814: S 316929424:316929424(0) ack 2726345067 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 3937627326 1052353694>

What exactly do 'IN' and 'OUT' mean?

I first suggested that it has something to do with an interface, but then I saw that every combination between MAC and IN/OUT exists. Furthermore, no interface is displayed.

Do you have any idea?

My internet search didn't work with IN/OUT.

Best regards,

Maurice
