Re: [tcpdump-workers] basic non-starter

Fri, 26 Apr 2002 14:50:15 -0700 

Harry Putnam <[EMAIL PROTECTED]> writes:

[...]

Guy Harris wrote:
>> If you're not running tcpdump on satwin.local.lan, the problem may be
>> that satwin.local.lan is on a switched network or a 10/100 hub, so that
>> not all traffic to and from it is seen by the machine on which you're
>> running tcpdump:
>>
>>      http://www.ethereal.com/faq.html#q4.1
>

Harry wrote:
> Looks like this may be the source of my confusion.
> A snippet from an online description of my model:
>
>   With an Ethernet cable and integrated four-port switch, the system
                                                    ^^^^^^
>   allows high-speed Internet sharing, virtual private network (VPN)
>   pass-through, and easy Web-based setup. Designed for up to eight
>   users, the FR314 firewall router can be expanded to accommodate as
>   many as 45 users.
>
>> If it's a multi-homed host, does traffic to the sites to which you're
>
> Not multihomed.
>
> Thanks, I think you nailed it about the switch business.
>


Looks like I may have spook too soon.  I went and got a regular old
hub and hooked it up like below:

                 INTERNET   
                    |
                 ADSL MODEM (IP ADDRESS [static])
                    |
_______NETGEAR FR314 .01 (ROUTER/switch/firewall)______________
|            |             |           |            |
.2          .3             |          .4            .6
                           |
                       simple hub  <= added this         
                       |        |
                       |        |
                      .5       .7
                       |
               TCPdump running 
                    here.

In that config running tcpdump on .5 like this:
   root # tcpdump host 192.168.0.7
  tcpdump: listening on eth0

Now fire up a browser on .7 ... and I see nothing at all.
Now I know both machines are hooked to the same hub which isn't
switched, or at least the guy in comp.usa said it wasn't and there is
no mention of switch in the specs.  Its a NETGEAR 108 Hub (8 ports)

That machine .7 is a laptop that was booted into win98.  I booted it
into linux:

     ifconfig shows 192.168.0.4 on eth0


 root # tcpdump host 192.168.0.4
tcpdump: listening on eth0
14:47:42.738413 arp who-has fw.local.lan tell satellite.local.lan

Fire up lynx and browse a little, but all I see is the line above

fw.local.lan is the router/gateway in the picture above
satellite.local.lan is 192.168.0.4


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe

Reply via email to