Re: [tcpdump-workers] basic non-starter

Thu, 25 Apr 2002 22:53:50 -0700 

Guy Harris <[EMAIL PROTECTED]> writes:

> On Thu, Apr 25, 2002 at 08:34:09PM -0700, Harry Putnam wrote:
>> I'll admit I'm not the sharpest tool in the shed but my feeble reading
>> man tcpdump indicates that this command should show traffic on a
>> specific host:
>>          tcpdump host 192.168.0.7
>> And in fact if I start a ping of the host from local machine
>> 192.168.0.5 I do see the traffic.  But if I slide over to the console
>> of 192.168.0.7 and run a browser, I see only this one line:
>> 20:30:16.497123 arp who-has fw.local.lan tell satwin.local.lan
>> 
>> (satwin.local.lan is 192.168.0.7)
>> 
>> Although the broser is connecting to sites online I don't see the
>> traffic.
>
> Are you running the tcpdump on satwin.local.lan, on the machine from
> which you did the ping, or on some other machine?

No, as noted from 192.168.0.5  But to avoid further confusion I'll
provide a little ascii art:

                          INTERNET
                              |
                          DSL MODEM
                              |
  ______________NETGEAR FR314 DSL/Firewall/router___
  |            |                |                   |
 Mach1       mach2            mach3               mach4
            satwin            reader
          192.168.0.7        192.168.0.5 

> If you're not running tcpdump on satwin.local.lan, the problem may be
> that satwin.local.lan is on a switched network or a 10/100 hub, so that
> not all traffic to and from it is seen by the machine on which you're
> running tcpdump:
>
>       http://www.ethereal.com/faq.html#q4.1

Looks like this may be the source of my confusion.
A snippet from an online description of my model:

  With an Ethernet cable and integrated four-port switch, the system
  allows high-speed Internet sharing, virtual private network (VPN)
  pass-through, and easy Web-based setup. Designed for up to eight
  users, the FR314 firewall router can be expanded to accommodate as
  many as 45 users.

> If it's a multi-homed host, does traffic to the sites to which you're

Not multihomed.

Thanks, I think you nailed it about the switch business.

So I guess that means I'd have to sniff on all machines to really find
out anything.

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe

Reply via email to