Harry Putnam <[EMAIL PROTECTED]> writes: [...]
Guy Harris wrote: >> If you're not running tcpdump on satwin.local.lan, the problem may be >> that satwin.local.lan is on a switched network or a 10/100 hub, so that >> not all traffic to and from it is seen by the machine on which you're >> running tcpdump: >> >> http://www.ethereal.com/faq.html#q4.1 > Harry wrote: > Looks like this may be the source of my confusion. > A snippet from an online description of my model: > > With an Ethernet cable and integrated four-port switch, the system ^^^^^^ > allows high-speed Internet sharing, virtual private network (VPN) > pass-through, and easy Web-based setup. Designed for up to eight > users, the FR314 firewall router can be expanded to accommodate as > many as 45 users. > >> If it's a multi-homed host, does traffic to the sites to which you're > > Not multihomed. > > Thanks, I think you nailed it about the switch business. > Looks like I may have spook too soon. I went and got a regular old hub and hooked it up like below: INTERNET | ADSL MODEM (IP ADDRESS [static]) | _______NETGEAR FR314 .01 (ROUTER/switch/firewall)______________ | | | | | .2 .3 | .4 .6 | simple hub <= added this | | | | .5 .7 | TCPdump running here. In that config running tcpdump on .5 like this: root # tcpdump host 192.168.0.7 tcpdump: listening on eth0 Now fire up a browser on .7 ... and I see nothing at all. Now I know both machines are hooked to the same hub which isn't switched, or at least the guy in comp.usa said it wasn't and there is no mention of switch in the specs. Its a NETGEAR 108 Hub (8 ports) That machine .7 is a laptop that was booted into win98. I booted it into linux: ifconfig shows 192.168.0.4 on eth0 root # tcpdump host 192.168.0.4 tcpdump: listening on eth0 14:47:42.738413 arp who-has fw.local.lan tell satellite.local.lan Fire up lynx and browse a little, but all I see is the line above fw.local.lan is the router/gateway in the picture above satellite.local.lan is 192.168.0.4 - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe