The design intent of the tcpdump code is not only to display the forces messages seen on the wire but also try to help an implementor in catching obvious bugs with semantics. This is a very complete implementation whcih will go all the way to showing validity of path data. There are 5 verbosity levels each showing a little more. This implementation will catch obvious formatting errors even when you use the lowest verbosity level. More further below. Verbosity level 1 ----------------- By default tcpdump will only show the SCTP TML channel used and the ForCES message type.. Example: 03:44:21.946173 IP 150.140.188.175.52241 > 122.234.12.163.6700: sctp[ForCES HP] (1) [DATA] (B)(E) [TSN: 3344255130] [SID: 0] [SSEQ 0] [PPID 0x0] ForCES Association Setup 03:44:22.438303 IP 122.234.12.163.6700 > 150.140.188.175.52241: sctp[ForCES HP] (1) [DATA] (B)(E) [TSN: 1244848200] [SID: 0] [SSEQ 0] [PPID 0x0] ForCES Association Response 03:44:22.903856 IP 122.234.12.163.6700 > 150.140.188.175.52241: sctp[ForCES HP] (1) [DATA] (B)(E) [TSN: 1244848201] [SID: 0] [SSEQ 1] [PPID 0x0] ForCES Query 03:44:22.906159 IP 150.140.188.175.52241 > 122.234.12.163.6700: sctp[ForCES HP] (1) [DATA] (B)(E) [TSN: 3344255131] [SID: 0] [SSEQ 1] [PPID 0x0] ForCES Query Response 03:44:32.637868 IP 122.234.12.163.6702 > 150.140.188.175.35493: sctp[ForCES LP] (1) [DATA] (B)(E) [TSN: 2678640352] [SID: 0] [SSEQ 0] [PPID 0x0] ForCES HeartBeat Verbosity level 2 ----------------- If you pass tcpdump the -v option it will show a little more detail: For example it will give you a lot more info about the main header. common implementation mistakes caught at this level: you used a CEid on an FE or vice-versa, used the wrong correlator, passed the wrong flags etc 03:44:21.946173 IP (tos 0x2,ECT(0), ttl 64, id 1, offset 0, flags [DF], proto SCTP (132), length 72) 150.140.188.175.52241 > 122.234.12.163.6700: sctp[ForCES HP] (1) [DATA] (B)(E) [TSN: 3344255130] [SID: 0] [SSEQ 0] [PPID 0x0] ForCES Association Setup ForCES Version 1 len 24B flags 0xf8000000 SrcID 0x1(FE) DstID 0x40000000(CE) Correlator 0x1 03:44:22.438303 IP (tos 0x0, ttl 42, id 61504, offset 0, flags [DF], proto SCTP (132), length 80) 122.234.12.163.6700 > 150.140.188.175.52241: sctp[ForCES HP] (1) [DATA] (B)(E) [TSN: 1244848200] [SID: 0] [SSEQ 0] [PPID 0x0] ForCES Association Response ForCES Version 1 len 32B flags 0x38000000 SrcID 0x40000000(CE) DstID 0x1(FE) Correlator 0x1 Verbosity level 3 ----------------- if you pass an extra verbosity like -vv this will now go even further and print more details about the headers common implementation mistakes caught at this level: wrong flags in terms of endianness etc. 03:44:22.903856 IP (tos 0x0, ttl 42, id 61505, offset 0, flags [DF], proto SCTP (132), length 100) 122.234.12.163.6700 > 150.140.188.175.52241: sctp[ForCES HP] 1) [DATA] (B)(E) [TSN: 1244848201] [SID: 0] [SSEQ 1] [PPID 0x0] ForCES Query ForCES Version 1 len 52B flags 0xf8400000 SrcID 0x40000000(CE) DstID 0x1(FE) Correlator 0x1 ForCES flags: AlwaysACK(0x3), prio=7, execute-all-or-none(0x1), Standalone(0x0), StartofTransaction(0x0) Extra flags: rsv(b5-7) 0x0 rsv(b13-15) 0x0 rsv(b16-31) 0x0 03:44:22.906159 IP (tos 0x2,ECT(0), ttl 64, id 3, offset 0, flags [DF], proto SCTP (132), length 128) 150.140.188.175.52241 > 122.234.12.163.6700: sctp[ForCES HP] 1) [DATA] (B)(E) [TSN: 3344255131] [SID: 0] [SSEQ 1] [PPID 0x0] ForCES Query Response ForCES Version 1 len 80B flags 0x38400000 SrcID 0x1(FE) DstID 0x40000000(CE) Correlator 0x1 ForCES flags: NoACK(0x0), prio=7, execute-all-or-none(0x1), Standalone(0x0), StartofTransaction(0x0) Extra flags: rsv(b5-7) 0x0 rsv(b13-15) 0x0 rsv(b16-31) 0x0 Verbosity level 4 ----------------- if you pass -vvv this will now go even further and print more details about the headers and subheaders as well, example: 03:44:21.946173 IP (tos 0x2,ECT(0), ttl 64, id 1, offset 0, flags [DF], proto SCTP (132), length 72) 150.140.188.175.52241 > 122.234.12.163.6700: sctp[ForCES HP] 1) [DATA] (B)(E) [TSN: 3344255130] [SID: 0] [SSEQ 0] [PPID 0x0] ForCES Association Setup ForCES Version 1 len 24B flags 0xf8000000 SrcID 0x1(FE) DstID 0x40000000(CE) Correlator 0x1 ForCES flags: AlwaysACK(0x3), prio=7, EMReserved(0x0), Standalone(0x0), StartofTransaction(0x0) Extra flags: rsv(b5-7) 0x0 rsv(b13-15) 0x0 rsv(b16-31) 0x0 03:44:22.438303 IP (tos 0x0, ttl 42, id 61504, offset 0, flags [DF], proto SCTP (132), length 80) 122.234.12.163.6700 > 150.140.188.175.52241: sctp[ForCES HP] 1) [DATA] (B)(E) [TSN: 1244848200] [SID: 0] [SSEQ 0] [PPID 0x0] ForCES Association Response ForCES Version 1 len 32B flags 0x38000000 SrcID 0x40000000(CE) DstID 0x1(FE) Correlator 0x1 ForCES flags: NoACK(0x0), prio=7, EMReserved(0x0), Standalone(0x0), StartofTransaction(0x0) Extra flags: rsv(b5-7) 0x0 rsv(b13-15) 0x0 rsv(b16-31) 0x0 ASResult TLV, length 8 (data length 4 Bytes) Success (0) or for fun watch this config and config-response on the FE Object LFB 03:44:22.903856 IP (tos 0x0, ttl 42, id 61505, offset 0, flags [DF], proto SCTP (132), length 100) 122.234.12.163.6700 > 150.140.188.175.52241: sctp[ForCES HP] 1) [DATA] (B)(E) [TSN: 1244848201] [SID: 0] [SSEQ 1] [PPID 0x0] ForCES Query ForCES Version 1 len 52B flags 0xf8400000 SrcID 0x40000000(CE) DstID 0x1(FE) Correlator 0x1 ForCES flags: AlwaysACK(0x3), prio=7, execute-all-or-none(0x1), Standalone(0x0), StartofTransaction(0x0) Extra flags: rsv(b5-7) 0x0 rsv(b13-15) 0x0 rsv(b16-31) 0x0 LFBselect TLV, length 28 (data length 24 Bytes) FEObj LFB(Classid 1) instance 1 Oper TLV Get(0x7) length 16 PATH-DATA TLV, length 12 (data encapsulated 8 Bytes) Pathdata: Flags 0x0 ID count 1 ID#01: 2 03:44:22.906159 IP (tos 0x2,ECT(0), ttl 64, id 3, offset 0, flags [DF], proto SCTP (132), length 128) 150.140.188.175.52241 > 122.234.12.163.6700: sctp[ForCES HP] 1) [DATA] (B)(E) [TSN: 3344255131] [SID: 0] [SSEQ 1] [PPID 0x0] ForCES Query Response ForCES Version 1 len 80B flags 0x38400000 SrcID 0x1(FE) DstID 0x40000000(CE) Correlator 0x1 ForCES flags: NoACK(0x0), prio=7, execute-all-or-none(0x1), Standalone(0x0), StartofTransaction(0x0) Extra flags: rsv(b5-7) 0x0 rsv(b13-15) 0x0 rsv(b16-31) 0x0 LFBselect TLV, length 56 (data length 52 Bytes) FEObj LFB(Classid 1) instance 1 Oper TLV GetResp(0x9) length 44 PATH-DATA TLV, length 40 (data encapsulated 36 Bytes) Pathdata: Flags 0x0 ID count 1 ID#01: 2 FULLDATA TLV (Length 28 DataLen 24 Bytes) [ 0x0000: 0000 0000 0000 0001 0000 0001 0000 0001 0x0010: 0000 0002 0000 0001 ] Or even more fun, here's a nested path data message... 06:53:11.247909 IP (tos 0x2,ECT(0), ttl 64, id 8, offset 0, flags [DF], proto SCTP (132), length 124) 192.168.1.7.34917 > 192.168.1.7.6700: sctp[ForCES HP] 1) [DATA] (B)(E) [TSN: 2574629157] [SID: 0] [SSEQ 1] [PPID 0x0] ForCES Query Response ForCES Version 1 len 76B flags 0x38000000 SrcID 0x7(FE) DstID 0x40000001(CE) Correlator 0x2 ForCES flags: NoACK(0x0), prio=7, EMReserved(0x0), Standalone(0x0), StartofTransaction(0x0) Extra flags: rsv(b5-7) 0x0 rsv(b13-15) 0x0 rsv(b16-31) 0x0 LFBselect TLV, length 52 (data length 48 Bytes) FEObj LFB(Classid 1) instance 1 Oper TLV GetResp(0x9) length 40 PATH-DATA TLV, length 36 (data encapsulated 32 Bytes) Pathdata: Flags 0x0 ID count 1 ID#01: 2 PATH-DATA TLV, length 24 (data encapsulated 20 Bytes) Pathdata: Flags 0x0 ID count 1 ID#01: 2 FULLDATA TLV (Length 12 DataLen 8 Bytes) [ 0x0000: 0000 0002 0000 0001 ] Verbosity level 5 ----------------- You want more data? -vvvv will also dump the raw byte code in hex addition to what is provided by -vvv 03:44:21.946173 IP (tos 0x2,ECT(0), ttl 64, id 1, offset 0, flags [DF], proto SCTP (132), length 72) 150.140.188.175.52241 > 122.234.12.163.6700: sctp[ForCES HP] 1) [DATA] (B)(E) [TSN: 3344255130] [SID: 0] [SSEQ 0] [PPID 0x0] ForCES Association Setup ForCES Version 1 len 24B flags 0xf8000000 SrcID 0x1(FE) DstID 0x40000000(CE) Correlator 0x1 ForCES flags: AlwaysACK(0x3), prio=7, EMReserved(0x0), Standalone(0x0), StartofTransaction(0x0) Extra flags: rsv(b5-7) 0x0 rsv(b13-15) 0x0 rsv(b16-31) 0x0 Raw ForCES message [ 0x0000: 1001 0006 0000 0001 4000 0000 0000 0000 0x0010: 0000 0001 f800 0000 ] Erroneous formats ----------------- Example #1 syntax validation: -------- 09:43:46.494561 IP (tos 0x0, ttl 43, id 21, offset 0, flags [DF], proto SCTP (13 2), length 124) 122.234.155.8.32820 > 150.140.188.145.6700: sctp[ForCES HP] 1) [DATA] (B)(E) [TSN: 996458215] [SID: 0] [SSEQ 2] [PPID 0x0] ForCES Config Response ForCES Version 1 len 76B flags 0x38400000 SrcID 0x3(FE) DstID 0x40000000(CE) Correlator 0x14 ForCES flags: NoACK(0x0), prio=7, execute-all-or-none(0x1), Standalone(0x0), StartofTransaction(0x0) Extra flags: rsv(b5-7) 0x0 rsv(b13-15) 0x0 rsv(b16-31) 0x0 LFBselect TLV, length 52 (data length 48 Bytes) FEProtoObj LFB(Classid 2) instance 1 Oper TLV SetResp(0x3) length 40 PATH-DATA TLV, length 20 (data encapsulated 16 Bytes) Pathdata: Flags 0x0 ID count 1 ID#01: 4 RESULT TLV (Length 8 DataLen 4 Bytes) illegal result code: 0x18! PATH-DATA TLV, length 16 (data encapsulated 12 Bytes) Pathdata: Flags 0x0 ID count 0 RESULT TLV (Length 8 DataLen 4 Bytes) illegal result code: 0x18! Raw ForCES message [ 0x0000: 1013 0013 0000 0003 4000 0000 0000 0000 0x0010: 0000 000e 3840 0000 1000 0034 0000 0002 0x0020: 0000 0001 0003 0028 0110 0014 0000 0001 0x0030: 0000 0004 0114 0008 1800 0000 0110 0010 0x0040: 0000 0000 0114 0008 1800 0000 ] -------- Note: 0x18 is not a legitimate Result code.. Example #2 semantic validation: ----- IP 192.168.1.7.43423 > 192.168.1.7.6702: sctp[ForCES LP] (1) [DATA] (B)(E) [TSN: 4169461963] [SID: 0] [SSEQ 0] [PPID 0x0] ForCES Query Response INValid oper-TLV type 0x7 length 16 for this ForCES message ---- Notice two things a) the LP channel is used; it should have used the HP channel b) an operation TLV type 7 was used. This is GET operation but this message is a ForCES Query Response. The operation should have been a GET-RESPONSE.