ex0 bpf tcpdump does not see all traffic

Post by Kevin Connoll » Fri, 16 Jul 1999 04:00:00



ifconfig ex0 says it is in PROMISC but still tcpdump only
dumps broadcasts and traffic addressed to my IP address.

I re-compiled the kernel with pseudo-device bpfilter
before I shipped the machine to its new location, and did a quick
(too quick) test. Now I notice that I can't see traffic.

FreeBSD 2.2.7 with Intel EtherExpress Pro/10+

Could this be related to the bug report about if_ex.c not
recognising the "+" card?

It's a remote machine (250 km away) so unless I know for sure that
a new driver will fix my problem I'm reluctant to recompile
the kernel as I cannot boot -cv and I know that there will be
conflicts. I will try to eliminate all conflicts by pruning
the kernel config but....

All help welcome, I'm trying to fix a network problem on a
remote ethernet and need to get tcpdump working first.

Kevin


1. (Q) constant traffic as seen by tcpdump

I notice that after setting up ipmasq
there is a constant stream of packets
even when nothing is happening.
Is this normal?
Here is a half-second's worth:
===============================
Script started on Wed Jan  2 00:54:21 2002

tcpdump: listening on eth1
00:54:32.287041 alfred.murphy.ie.telnet > william.proxim.1045: P 2027099440:2027099442(2) ack 2174463454 win 6432 <nop,nop,timestamp 1546739 187511> (DF) [tos 0x10]
00:54:32.296502 william.proxim.1045 > alfred.murphy.ie.telnet: . ack 2 win 33232 <nop,nop,timestamp 187513 1546739> (DF) [tos 0x10]
00:54:32.296611 alfred.murphy.ie.telnet > william.proxim.1045: P 2:30(28) ack 1 win 6432 <nop,nop,timestamp 1546740 187513> (DF) [tos 0x10]
00:54:32.307992 william.proxim.1045 > alfred.murphy.ie.telnet: . ack 30 win 33232 <nop,nop,timestamp 187514 1546740> (DF) [tos 0x10]
00:54:32.308058 alfred.murphy.ie.telnet > william.proxim.1045: P 30:473(443) ack 1 win 6432 <nop,nop,timestamp 1546741 187514> (DF) [tos 0x10]
00:54:32.325476 william.proxim.1045 > alfred.murphy.ie.telnet: . ack 473 win 33232 <nop,nop,timestamp 187516 1546741> (DF) [tos 0x10]
00:54:32.325539 alfred.murphy.ie.telnet > william.proxim.1045: P 473:753(280) ack 1 win 6432 <nop,nop,timestamp 1546743 187516> (DF) [tos 0x10]
00:54:32.375087 william.proxim.1045 > alfred.murphy.ie.telnet: . ack 753 win 33232 <nop,nop,timestamp 187521 1546743> (DF) [tos 0x10]
00:54:32.375161 alfred.murphy.ie.telnet > william.proxim.1045: P 753:1035(282) ack 1 win 6432 <nop,nop,timestamp 1546748 187521> (DF) [tos 0x10]
...
254 packets received by filter
0 packets dropped by kernel

Script done on Wed Jan  2 00:54:42 2002
===============================

--
Timothy Murphy  

tel: 086-233 6090
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

2. How to run Linux sdoom over modem?

3. tcpdump only sees traffic one-way. Why?

4. File transfer from Solaris to PC (windows)

5. tcpdump/bpf [/dev/bpf0 - device not configured]

6. Problem with Quotas...Help!

7. freebsd 4.3 tcpdump/snort problem not showing tcp traffic

8. ncurses and ptrace

9. Tcpdump sees "echo reply" but ping does not

10. ntop not seeing any traffic

11. bpf config for tcpdump

12. tcpdump problem (BPF unconfigured)

13. /dev/bpf* & tcpdump