I'm having some problems with tcpdump. I need to capture only tcp
traffic (no udp or icmp) on eth1. I have libpcap v0.6.2 and tcpdump
v3.6.3 (both are the latest for RedHat v7.3).
# tcpdump tcp
or
# tcpdump -i eth0 tcp
I get TCP traffic. Just what I want.
# tcpdump -i eth1 tcp
I get absolutely nothing.
# tcpdump -i eth1
I get all traffic including TCP.
# tcpdump -i eth1 host 172.30.1.20
I get absolutely nothing.
# tcpdump -i eth1 ether host 00:60:38:BD:56:5B and tcp
I get nothing. This is the MAC for 172.30.1.20
# tcpdump -i eth1 ether host 00:60:38:BD:56:5B
I get all traffic for the host. Sample output is at the end of this
post.
So the question is... is this just a problem with this version? Could
it have anything to do with the NIC? I wouldn't think so since
capture works ok without the tcp keywords. Anybody seen something
like this before?
06:42:56.923414 P0 172.30.1.254.2025 > 172.30.1.20.telnet: S
1864956980:1864956980(0) win 5840 <mss 1460,sackOK,timestamp 257784183
0,nop,wscale 0> (DF) [tos 0x10]
06:42:56.923712 P0 172.30.1.20.telnet > 172.30.1.254.2025: S
976909757:976909757(0) ack 1864956981 win 8192 <mss 1460,nop,wscale 0>
06:42:56.924589 P0 172.30.1.254.2025 > 172.30.1.20.telnet: . ack 1 win
5840 (DF) [tos 0x10]
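Added example, not part of the original post: a small parser for the old tcpdump 3.x text format shown in the sample output above, so that a capture taken without a filter (the only thing that worked on eth1 here) can still be triaged offline. It re-joins the wrapped continuation lines, pulls out endpoints, flags, seq/ack, window, options, DF and TOS, and flags pure SYNs as new connection attempts. The sample input is the post's three records reproduced as a constructed string; the "P0" token is treated as an opaque per-packet tag, and service names such as "telnet" are kept as printed rather than resolved to port numbers.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the post's output, in the wrapped form tcpdump 3.x prints.
SAMPLE = """\
06:42:56.923414 P0 172.30.1.254.2025 > 172.30.1.20.telnet: S
1864956980:1864956980(0) win 5840 <mss 1460,sackOK,timestamp 257784183
0,nop,wscale 0> (DF) [tos 0x10]
06:42:56.923712 P0 172.30.1.20.telnet > 172.30.1.254.2025: S
976909757:976909757(0) ack 1864956981 win 8192 <mss 1460,nop,wscale 0>
06:42:56.924589 P0 172.30.1.254.2025 > 172.30.1.20.telnet: . ack 1 win
5840 (DF) [tos 0x10]
"""

# A record starts with a timestamp; anything else is a wrapped continuation line.
TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")

REC_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?:(?P<tag>[A-Z]\w*) )?"                  # optional per-packet tag such as P0 (assumed opaque)
    r"(?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFRP.]+)"                      # TCP flags; '.' means none of S/F/R/P set
    r"(?: (?P<seq>\d+):(?P<seqend>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r"(?: win (?P<win>\d+))?"
    r"(?: <(?P<opts>[^>]*)>)?"
    r"(?P<df> \(DF\))?"
    r"(?: \[tos (?P<tos>0x[0-9a-fA-F]+)\])?"
)


@dataclass
class Packet:
    ts: str
    src_host: str
    src_port: str
    dst_host: str
    dst_port: str
    flags: str
    seq: Optional[int]
    ack: Optional[int]
    win: Optional[int]
    options: List[str]
    df: bool
    tos: Optional[int]


def _endpoint(s: str) -> Tuple[str, str]:
    # tcpdump prints host.port; the port may be a service name like "telnet".
    host, _, port = s.rpartition(".")
    return host, port


def unwrap(text: str) -> List[str]:
    """Join wrapped continuation lines back onto the record they belong to."""
    records: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if TS_RE.match(line):
            records.append(line)
        elif records:
            records[-1] += " " + line.strip()
        else:
            raise ValueError("continuation line before first record: %r" % line)
    return records


def parse_record(line: str) -> Packet:
    m = REC_RE.match(line)
    if not m:
        raise ValueError("unrecognised record: %r" % line)
    sh, sp = _endpoint(m["src"])
    dh, dp = _endpoint(m["dst"])
    opts = [o.strip() for o in m["opts"].split(",")] if m["opts"] else []
    return Packet(
        ts=m["ts"], src_host=sh, src_port=sp, dst_host=dh, dst_port=dp,
        flags=m["flags"],
        seq=int(m["seq"]) if m["seq"] else None,
        ack=int(m["ack"]) if m["ack"] else None,
        win=int(m["win"]) if m["win"] else None,
        options=opts,
        df=m["df"] is not None,
        tos=int(m["tos"], 16) if m["tos"] else None,
    )


def parse_tcpdump(text: str) -> List[Packet]:
    return [parse_record(r) for r in unwrap(text)]


def connection_attempts(packets: List[Packet]) -> List[Tuple[str, str, str]]:
    """Pure SYNs (no ACK) are new connection attempts; SYN+ACK replies are skipped."""
    return [(p.src_host, p.dst_host, p.dst_port)
            for p in packets if p.flags == "S" and p.ack is None]


if __name__ == "__main__":
    pkts = parse_tcpdump(SAMPLE)
    for p in pkts:
        print(p.ts, p.src_host, p.src_port, "->", p.dst_host, p.dst_port, p.flags, p.options)
    print("connection attempts:", connection_attempts(pkts))
```

On the sample this reports one attempt, 172.30.1.254 to 172.30.1.20 on telnet, with the reply SYN+ACK and the final ACK of the handshake recognised as such. Feeding it a longer unfiltered capture from the interface is a cheap way to get the TCP-only view that the `tcp` filter was failing to deliver.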