tcpdump mailing list archives

Re: other interfaces ???

From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Wed, 20 Nov 2002 10:46:47 -0500

-----BEGIN PGP SIGNED MESSAGE-----

"Michael" == Michael D Schleif <mds () helices org> writes:

    Michael> What changes have occured between tcpdump v3.6x and v3.7x that might
    Michael> cause this?

  By the fact that you have ipsec0, i'm guessing it is Linux, but you don't
say what kernel.

  It sounds like libpcap guessed it could use PF_PACKET, but you don't in
fact have that facility in your kernel.

marajade-[~] root 10 #tcpdump -i eth0 -vvv  
tcpdump: listening on eth0
10:43:23.216461 sjc-vpn-cluster-2.cisco.com.10000 > BYFRASER-W2K5.ietf55.ops.ietf.org.10000: [no cksum] udp 1436 (ttl 
46, id 6526, len 1464)
10:43:23.218202 sjc-vpn-cluster-2.cisco.com.10000 > BYFRASER-W2K5.ietf55.ops.ietf.org.10000: [no cksum] udp 92 (ttl 46, 
id 6527, len 120)
10:43:23.220418 arp who-has 204.42.77.151 tell main-gw.ietf55.ops.ietf.org
10:43:23.222637 arp who-has 204.42.69.249 tell main-gw.ietf55.ops.ietf.org
10:43:23.223824 arp who-has 204.42.77.126 tell main-gw.ietf55.ops.ietf.org
10:43:23.226059 arp who-has 204.42.77.127 tell main-gw.ietf55.ops.ietf.org
10:43:23.227001 
1594 packets received by filter
1391 packets dropped by kernel

marajade-[~] root 11 #tcpdump -i ipsec0 -vvv
tcpdump: listening on ipsec0
10:43:33.699281 marajade.dasblinkenled.org.ntp > toc.nrc.ca.ntp:  v4 client strat 2 poll 7 prec -16 dist 0.060226 disp 
0.096023 ref toc.nrc.ca@3246795555.745932996 [|ntp] (DF) [tos 0x10]  (ttl 64, id 0, len 76)
10:43:33.707357 marajade.dasblinkenled.org.1024 > gateway.sandelman.ottawa.on.ca.domain:  19153+ [1au][|domain] (DF) 
(ttl 64, id 0, len 83)

marajade-[~] root 13 #tcpdump -V
tcpdump version 3.7.1
libpcap version 0.7
Usage: tcpdump [-adeflnNOpqRStuvxX] [ -c count ] [ -C file_size ]
                [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ]
                [ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]


]                   At IETF55 in Atlanta, GA                    |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
] printk("Just another Debian GNU/Linux using, kernel hacking, security guy");[

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPduuY4qHRg3pndX9AQGvRAQAzY+QJBdQvU8FXtM+bYDF9sqPh3YtgmeY
reePbNIAGtbcCazuXriUiro8C6wipT46kqNU7Uln6I2g1EAucWNarXhwl/v4QkUo
V/zV5YA3gaNdGJm4xTQ8wnU+KEsbdsEmMmXRc57DerJo4win1ruigf0d/ylfF92x
DKR6qS5QggI=
=YXhS
-----END PGP SIGNATURE-----
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

other interfaces ??? Michael D. Schleif (Nov 19)
- Re: other interfaces ??? Guy Harris (Nov 19)
- Re: other interfaces ??? Michael Richardson (Nov 20)