tcpdump between Solaris and Linux servers??

Is it possible to run the tcpdump to capture the packets sent between a
Solaris and Linux server?
I tried it($tcpdump solaris-01 and linux-02), but it did not work i.e.
tcpdump does not capture any packets at all. If my understanding is
wrong, please let me know how exactly I can debug this.

(E-Mail Removed) wrote:
> Is it possible to run the tcpdump to capture the packets sent between a
> Solaris and Linux server?
> I tried it($tcpdump solaris-01 and linux-02), but it did not work i.e.
> tcpdump does not capture any packets at all. If my understanding is
> wrong, please let me know how exactly I can debug this.

If they're on a switch, a third machine won't see the traffic? Try
dumping on the Linux server involved.

(E-Mail Removed) wrote:
> Is it possible to run the tcpdump to capture the packets sent between a
> Solaris and Linux server?
> I tried it($tcpdump solaris-01 and linux-02), but it did not work i.e.
> tcpdump does not capture any packets at all. If my understanding is
> wrong, please let me know how exactly I can debug this.

The command you give above should have produced a syntax error.
On linux-02, something like

# tcpdump -nnpi eth0 host solaris-01

should give you what you want.

Allen Kistler wrote:
> (E-Mail Removed) wrote:
> > Is it possible to run the tcpdump to capture the packets sent between a
> > Solaris and Linux server?
> > I tried it($tcpdump solaris-01 and linux-02), but it did not work i.e.
> > tcpdump does not capture any packets at all. If my understanding is
> > wrong, please let me know how exactly I can debug this.
>
> The command you give above should have produced a syntax error.
No. It did not!

> On linux-02, something like
>
> # tcpdump -nnpi eth0 host solaris-01
>
> should give you what you want.
This worked. Thanks! But, I am wondering why 'tcpdump' did not work,
when I mention the host names directly.

I have given more information about what is happening here:
1) tcpdump host linux-1 and linux-2
- Works; Captures the packets between 2 different Linux servers

2) tcpdump host linux-1 and Solaris-3
- No Syntaxt error. The tcpdump runs and starts to listen, but it
does not capture any packets

3) tcpdump -nnpi eth2 host Solaris-3
- Works; Captures the packets between Linux server(at eth2) and
Solaris server

Here are my servers:
linux-1$ more /etc/SuSE-release
SUSE LINUX Enterprise Server 9 (x86_64)
VERSION = 9

Solaris-3$ more /etc/release
Solaris 9 9/04 s9s_u7wos_09 SPARC

All the servers(linux-1, linux2,Solaris-3) are in the same LAN.
Does anybody have a clue about why 'tcpdump host linux-1 and Solaris-3'
does not work?

(E-Mail Removed) wrote:

> 3) tcpdump -nnpi eth2 host Solaris-3
> - Works; Captures the packets between Linux server(at eth2) and
> Solaris server
> ------------------------------------------------
> Does anybody have a clue about why 'tcpdump host linux-1 and Solaris-3'
> does not work?
>

If you do not specify an interface tcpdump uses eth0 and your machines
are connected to eth2.

Ciao
Giovanni
--
A computer is like an air conditioner,
it stops working when you open Windows.
Registered Linux user #337974 < http://giovanni.homelinux.net/ >

Giovanni wrote:
> > 3) tcpdump -nnpi eth2 host Solaris-3
> > - Works; Captures the packets between Linux server(at eth2) and
> > Solaris server
> > ------------------------------------------------
> > Does anybody have a clue about why 'tcpdump host linux-1 and Solaris-3'
> > does not work?
> >
> If you do not specify an interface tcpdump uses eth0 and your machines
> are connected to eth2.
I checked for this:
---
linux-1# grep linux-1 /etc/hosts
10.10.10.1 linux-1-int Internal LAN
220.124.26.132 linux-1 Public LAN
---
linux-1# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1E:9C:6E:96:4A
inet addr:10.10.10.1 Bcast:10.10.10.255 Mask:255.255.255.0
eth2 Link encap:Ethernet HWaddr 00:0F:4E7:1E:6C
inet addr:220.124.26.132 Bcast:220.124.255.255
Mask:255.255.0.0
---
Solaris-3$grep Solaris-3 /etc/hosts
220.124.26.47 Solaris-3

As I had mentioned earlier, I tried with
#tcpdump host linux-1 and Solaris-3
This should work, as the linux-1 is the IP address assigned for the
eth2 interface. But, it did not work.

When I tried with:
#tcpdump -nnpi eth2 host Solaris-3
it worked correctly.

It is still a mystery for me! Now, I suspect there is a bug in the
Linux release.

(E-Mail Removed) wrote:
> Giovanni wrote:
>>> 3) tcpdump -nnpi eth2 host Solaris-3
>>> - Works; Captures the packets between Linux server(at eth2) and
>>> Solaris server
>>> ------------------------------------------------
>>> Does anybody have a clue about why 'tcpdump host linux-1 and Solaris-3'
>>> does not work?
>>>
>> If you do not specify an interface tcpdump uses eth0 and your machines
>> are connected to eth2.
> I checked for this:
> ---
> linux-1# grep linux-1 /etc/hosts
> 10.10.10.1 linux-1-int Internal LAN
> 220.124.26.132 linux-1 Public LAN
> ---
> linux-1# ifconfig -a
> eth0 Link encap:Ethernet HWaddr 00:1E:9C:6E:96:4A
> inet addr:10.10.10.1 Bcast:10.10.10.255 Mask:255.255.255.0
> eth2 Link encap:Ethernet HWaddr 00:0F:4E7:1E:6C
> inet addr:220.124.26.132 Bcast:220.124.255.255
> Mask:255.255.0.0
> ---
> Solaris-3$grep Solaris-3 /etc/hosts
> 220.124.26.47 Solaris-3
>
> As I had mentioned earlier, I tried with
> #tcpdump host linux-1 and Solaris-3
> This should work, as the linux-1 is the IP address assigned for the
> eth2 interface. But, it did not work.
>
> When I tried with:
> #tcpdump -nnpi eth2 host Solaris-3
> it worked correctly.
>
> It is still a mystery for me! Now, I suspect there is a bug in the
> Linux release.
>

ROTFL
# tcpdump -nnpi eth2 host Solaris-3
-i eth2 specifies the right interface
If you don't specify the interface tcpdump selects eth0. And eth0
dosn't carry any traffic to host linux-1

Ciao
Giovanni
--
A computer is like an air conditioner,
it stops working when you open Windows.
Registered Linux user #337974 < http://giovanni.homelinux.net/ >