Rob, we run SLES10 with:

lnxt002:~ # rpm -q tcpdump
tcpdump-3.9.4-14.2

Any suggestions for the datalinktype? I tried a few, but they are not accepted, or when specifying En10MB I get the same junk as without the -y option.

Same for the SLES9 system we run:

lnxt003:~ # rpm -q tcpdump
tcpdump-3.8.1-49.1

regards,
Harry

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Rob van der Heij
Sent: Wednesday, May 16, 2007 1:19 PM
To: [email protected]
Subject: Re: TCPIP sniffering

On 5/16/07, Harry Metske <[EMAIL PROTECTED]> wrote:

> When we do this on zLinux, we see only weird packets passing, not
> anything that is recognized by either tcpdump or ethereal.
> The packets look like this :

The level 3 packets are plain IP. I believe there was something done to the tcpdump package by SuSE to make it pick the proper type. You might be able to convince it with the "-y" option.

Mine just works out of the box (SLES9 64bit)

lrobv1:~ # rpm -q tcpdump
tcpdump-3.8.1-49.4
lrobv1:~ # tcpdump -i hsi0 -n -c 20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on hsi0, link-type EN10MB (Ethernet), capture size 96 bytes
04:13:40.484243 IP 212.61.81.181.3969 > 148.100.96.70.22: . ack 421602459 win 16024
04:13:40.537029 IP 148.100.96.70.22 > 212.61.81.181.3969: P 1:217(216) ack 0 win 19296
04:13:40.536892 IP 148.100.96.70.22 > 212.61.81.181.3969: P 217:333(116) ack 0 win 19296
04:13:40.641418 IP 212.61.81.181.3969 > 148.100.96.70.22: . ack 333 win 15692
04:13:40.641458 IP 148.100.96.70.22 > 212.61.81.181.3969: P 333:485(152) ack 0 win 19296
04:13:40.641753 IP 148.100.96.70.22 > 212.61.81.181.3969: P 485:569(84) ack 0 win 19296
04:13:40.746184 IP 212.61.81.181.3969 > 148.100.96.70.22: . ack 569 win 15456

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
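
The reply above says the layer 3 packets are plain IP while tcpdump reports link-type EN10MB. As an added example (not code from the thread or from tcpdump), this check tells whether captured bytes begin with a valid IPv4 header directly or only after a 14-byte Ethernet II header; the function names and sample frames are constructed for illustration.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def looks_like_ipv4(buf: bytes) -> bool:
    """True if buf starts with an IPv4 header whose checksum verifies."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return False
    ihl = (buf[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(buf) < ihl:
        return False
    # Summing a header together with its stored checksum yields 0.
    return ipv4_checksum(buf[:ihl]) == 0

def guess_framing(frame: bytes) -> str:
    """Classify a captured frame as raw IP, Ethernet II + IPv4, or unknown."""
    if looks_like_ipv4(frame):
        return "raw-ip"
    if (len(frame) >= 14 and frame[12:14] == b"\x08\x00"
            and looks_like_ipv4(frame[14:])):
        return "ethernet"
    return "unknown"

def build_ipv4_header(src: bytes, dst: bytes, payload_len: int) -> bytes:
    """Constructed sample data: minimal 20-byte IPv4 header carrying TCP."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                      0, 0, 64, 6, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

# Constructed samples; the addresses are the ones in the tcpdump output above.
IP_HDR = build_ipv4_header(bytes([212, 61, 81, 181]), bytes([148, 100, 96, 70]), 20)
RAW_FRAME = IP_HDR + bytes(20)         # zero-filled stand-in for the TCP header
ETH_FRAME = bytes.fromhex("020000000001" "020000000002" "0800") + RAW_FRAME

if __name__ == "__main__":
    for name, frame in (("raw", RAW_FRAME), ("eth", ETH_FRAME)):
        print(name, guess_framing(frame))
```

A "raw-ip" result on frames that tcpdump is decoding as EN10MB points at a link-type mismatch rather than corrupt traffic.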
