TCPDUMP problems with eth1

Discussion in 'Linux Networking' started by CJ, Jul 25, 2003.

  1. CJ

    CJ Guest

    I'm having some problems with tcpdump. I need to capture only tcp
    traffic (no udp or icmp) on eth1. I have libpcap v0.6.2 and tcpdump
    v3.6.3 (both are the latest for RedHat v7.3)

    # tcpdump tcp
    or
    # tcpdump -i eth0 tcp
    I get TCP traffic. Just what I want.

    # tcpdump -i eth1 tcp
    I get absolutely nothing.

    # tcpdump -i eth1
    I get all traffic including TCP.

    # tcpdump -i eth1 host 172.30.1.20
    I get absolutely nothing

    # tcpdump -i eth1 ether host 00:60:38:BD:56:5B and tcp
    I get nothing. This is the MAC for 172.30.1.20

    # tcpdump -i eth1 ether host 00:60:38:BD:56:5B
    I get all traffic for the host. Sample output is at the end of this
    post.

    So the question is... is this just a problem with this version? Could
    it have anything to do with the NIC? I wouldn't think so since
    capture works ok without the tcp keywords. Anybody seen something
    like this before?


    06:42:56.923414 P0 172.30.1.254.2025 > 172.30.1.20.telnet: S
    1864956980:1864956980(0) win 5840 <mss 1460,sackOK,timestamp 257784183
    0,nop,wscale 0> (DF) [tos 0x10]
    06:42:56.923712 P0 172.30.1.20.telnet > 172.30.1.254.2025: S
    976909757:976909757(0) ack 1864956981 win 8192 <mss 1460,nop,wscale 0>
    06:42:56.924589 P0 172.30.1.254.2025 > 172.30.1.20.telnet: . ack 1 win
    5840 (DF) [tos 0x10]
     
    CJ, Jul 25, 2003
    #1