On Thu, Apr 25, 2002 at 08:34:09PM -0700, Harry Putnam wrote:
> I'll admit I'm not the sharpest tool in the shed but my feeble reading
> man tcpdump indicates that this command should show traffic on a
> specific host:
> tcpdump host 192.168.0.7
> And in fact if I start a ping of the host from local machine
> 192.168.0.5 I do see the traffic. But if I slide over to the console
> of 192.168.0.7 and run a browser, I see only this one line:
> 20:30:16.497123 arp who-has fw.local.lan tell satwin.local.lan
>
> (satwin.local.lan is 192.168.0.7)
>
> Although the broser is connecting to sites online I don't see the
> traffic.
Are you running the tcpdump on satwin.local.lan, on the machine from
which you did the ping, or on some other machine?
If you're not running tcpdump on satwin.local.lan, the problem may be
that satwin.local.lan is on a switched network or a 10/100 hub, so that
not all traffic to and from it is seen by the machine on which you're
running tcpdump:
http://www.ethereal.com/faq.html#q4.1
If you're running tcpdump on satwin.local.lan, is it a multi-homed host?
I.e., does it have more than one network interface?
If it's a multi-homed host, does traffic to the sites to which you're
connecting go through the interface for 192.168.0.7, or another
interface? If it goes through another interface, you'd need to run
tcpdump on *that* interface, with a "-i" flag.
If it's not a multi-homed host, are you certain that the browser isn't
just using stuff from its local cache, rather than going over the
network? If satwin.local.lan is a UNIX box, try running "netstat 1" on
it while you're connecting to those sites.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
