Guy,
Thanks for your interest and time.
Chuck
D:\Profiles\cngr85\Desktop\dump>windump -h
windump version 3.9.5, based on tcpdump version 3.9.5
WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5
Usage: windump [-aAdDeflLnNOpqRStuUvxX] [ -B size ] [-c count] [ -C file_size ]
                [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -Z user ]
                [ expression ]
D:\Profiles\cngr85\Desktop\dump>windump -d "tcp[13] & 0x02 = 2"
windump: listening on \Device\NPF_GenericDialupAdapter
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 11
(002) ldb [23]
(003) jeq #0x6 jt 4 jf 11
(004) ldh [20]
(005) jset #0x1fff jt 11 jf 6
(006) ldxb 4*([14]&0xf)
(007) ldb [x + 27]
(008) and #0x2
(009) jeq #0x2 jt 10 jf 11
(010) ret #96
(011) ret #0
D:\Profiles\cngr85\Desktop\dump>windump -d "tcp[13:1] = 2"
windump: listening on \Device\NPF_GenericDialupAdapter
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 10
(002) ldb [23]
(003) jeq #0x6 jt 4 jf 10
(004) ldh [20]
(005) jset #0x1fff jt 10 jf 6
(006) ldxb 4*([14]&0xf)
(007) ldb [x + 27]
(008) jeq #0x2 jt 9 jf 10
(009) ret #96
(010) ret #0
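
Added example, not part of the message above: a small interpreter for the classic-BPF opcodes that appear in the two dumps, run over constructed frames. It shows that `tcp[13] & 0x02 = 2` accepts any segment with SYN set, while `tcp[13:1] = 2` accepts only a flags byte of exactly 0x02. The names `run`, `frame`, `PROG_MASK` and `PROG_EXACT` are made up for this example; the instruction text is copied from the dumps with the (NNN) labels dropped.

```python
import re
import struct

# Instruction text from the two `windump -d` dumps, labels removed.
PROG_MASK = ("ldh [12]; jeq #0x800 jt 2 jf 11; ldb [23]; jeq #0x6 jt 4 jf 11; "
             "ldh [20]; jset #0x1fff jt 11 jf 6; ldxb 4*([14]&0xf); "
             "ldb [x + 27]; and #0x2; jeq #0x2 jt 10 jf 11; ret #96; ret #0")
PROG_EXACT = ("ldh [12]; jeq #0x800 jt 2 jf 10; ldb [23]; jeq #0x6 jt 4 jf 10; "
              "ldh [20]; jset #0x1fff jt 10 jf 6; ldxb 4*([14]&0xf); "
              "ldb [x + 27]; jeq #0x2 jt 9 jf 10; ret #96; ret #0")

def run(prog, pkt):
    """Run a classic-BPF program (only the opcodes used above) on one frame.
    Returns the capture length (96) on a match, 0 on reject."""
    insns = [i.strip() for i in prog.split(";")]
    a = x = pc = 0
    while True:
        op, _, rest = insns[pc].partition(" ")
        n = [int(v, 0) for v in re.findall(r"0x[0-9a-f]+|\d+", rest)]
        pc += 1
        try:
            if op == "ldh":                      # A = 16-bit big-endian load
                a = struct.unpack_from("!H", pkt, n[0])[0]
            elif op == "ldb":                    # A = byte at [k] or [x + k]
                a = pkt[n[0] + (x if rest.startswith("[x") else 0)]
            elif op == "ldxb":                   # X = 4*([k]&0xf): IP header length
                x = n[0] * (pkt[n[1]] & n[2])
            elif op == "and":
                a &= n[0]
            elif op in ("jeq", "jset"):          # jump targets are absolute indices
                hit = a == n[0] if op == "jeq" else bool(a & n[0])
                pc = n[1] if hit else n[2]
            elif op == "ret":
                return n[0]
        except (IndexError, struct.error):
            return 0                             # out-of-bounds load rejects

def frame(flags):
    """Constructed Ethernet/IPv4/TCP frame (no options) with this TCP flags byte."""
    eth = bytes(12) + b"\x08\x00"
    ip = bytes([0x45, 0]) + struct.pack("!H", 40) + bytes(5) + bytes([6]) + bytes(10)
    tcp = bytes(13) + bytes([flags]) + bytes(6)
    return eth + ip + tcp

if __name__ == "__main__":
    for name, fl in [("SYN", 0x02), ("SYN+ACK", 0x12), ("SYN+ECE+CWR", 0xC2), ("ACK", 0x10)]:
        print(f"{name:12} mask={run(PROG_MASK, frame(fl)):3} exact={run(PROG_EXACT, frame(fl)):3}")
```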