Guy Harris <[EMAIL PROTECTED]> writes: > On Thu, Apr 25, 2002 at 08:34:09PM -0700, Harry Putnam wrote: >> I'll admit I'm not the sharpest tool in the shed but my feeble reading >> man tcpdump indicates that this command should show traffic on a >> specific host: >> tcpdump host 192.168.0.7 >> And in fact if I start a ping of the host from local machine >> 192.168.0.5 I do see the traffic. But if I slide over to the console >> of 192.168.0.7 and run a browser, I see only this one line: >> 20:30:16.497123 arp who-has fw.local.lan tell satwin.local.lan >> >> (satwin.local.lan is 192.168.0.7) >> >> Although the broser is connecting to sites online I don't see the >> traffic. > > Are you running the tcpdump on satwin.local.lan, on the machine from > which you did the ping, or on some other machine?
No, as noted from 192.168.0.5 But to avoid further confusion I'll provide a little ascii art: INTERNET | DSL MODEM | ______________NETGEAR FR314 DSL/Firewall/router___ | | | | Mach1 mach2 mach3 mach4 satwin reader 192.168.0.7 192.168.0.5 > If you're not running tcpdump on satwin.local.lan, the problem may be > that satwin.local.lan is on a switched network or a 10/100 hub, so that > not all traffic to and from it is seen by the machine on which you're > running tcpdump: > > http://www.ethereal.com/faq.html#q4.1 Looks like this may be the source of my confusion. A snippet from an online description of my model: With an Ethernet cable and integrated four-port switch, the system allows high-speed Internet sharing, virtual private network (VPN) pass-through, and easy Web-based setup. Designed for up to eight users, the FR314 firewall router can be expanded to accommodate as many as 45 users. > If it's a multi-homed host, does traffic to the sites to which you're Not multihomed. Thanks, I think you nailed it about the switch business. So I guess that means I'd have to sniff on all machines to really find out anything. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe