On Fri, Oct 05, 2007 at 05:31:25PM -0600, [EMAIL PROTECTED] wrote:
> I'm having trouble seeing packets which are not going to or from the
> machine on which tcpdump is running.  Is there something special I
> need to do to enable this?  It's my understanding tcpdump puts the
> interface in promiscuous mode, and dmesg seems to confirm this.
> However I see the following behavior using "tcpdump -fntl -i ed1":
> 
> If hosts .x, .y, and .z are all on the same network,
> and if tcpdump is running on host a.b.c.x
> and on host a.b.c.y I do
>  ping a.b.c.x
> 
> I see the icmp packets.
> 
> But if on host a.b.c.y I do
>  ping a.b.c.z
> 
> I see nothing.
> Does the interface drop packets with a different mac address, even
> when supposedly put in promiscuous mode?
> 
> Clues?

You're probably plugged into a switch ("learning bridge"). Switches
partition your collision domain -- they learn which MAC is available on
which port and only send on that port.

You either need a hub or a really expensive switch (the kind that you
log in to and set up port mirrors).

-- 
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley

Attachment: pgpHpDgl1KEhH.pgp
Description: PGP signature

Reply via email to