TCPDUMP problems with eth1

  CJ

    CJ Guest

    I'm having some problems with tcpdump. I need to capture only tcp
    traffic (no udp or icmp) on eth1. I have libpcap v0.6.2 and tcpdump
    v3.6.3 (both are the latest for RedHat v7.3).

    # tcpdump tcp
    # tcpdump -i eth0 tcp
    I get TCP traffic. Just what I want.

    # tcpdump -i eth1 tcp
    I get absolutely nothing.

    # tcpdump -i eth1
    I get all traffic including TCP.

    # tcpdump -i eth1 host
    I get absolutely nothing.

    # tcpdump -i eth1 ether host 00:60:38:BD:56:5B and tcp
    I get nothing. This is the MAC for

    # tcpdump -i eth1 ether host 00:60:38:BD:56:5B
    I get all traffic for the host. Sample output is at the end of this

    So the question is... is this just a problem with this version? Could
    it have anything to do with the NIC? I wouldn't think so since
    capture works ok without the tcp keywords. Anybody seen something
    like this before?

    06:42:56.923414 P0 > S
    1864956980:1864956980(0) win 5840 <mss 1460,sackOK,timestamp 257784183
    0,nop,wscale 0> (DF) [tos 0x10]
    06:42:56.923712 P0 > S
    976909757:976909757(0) ack 1864956981 win 8192 <mss 1460,nop,wscale 0>
    06:42:56.924589 P0 > . ack 1 win
    5840 (DF) [tos 0x10]
    Jul 25, 2003
