Hello,
we've had a FreeBSD 5.2.1-RELEASE machine with four Intel 100/1000 NICs
(em(4)). The monitoring port of our HP 4140gl switch was hooked up to
one of the four NICs. This has allowed us to do traffic accounting and
detect network problems by utilizing tcpdump. We've recently upgraded
the machine, first to FreeBSD 6.3, afterwards to FreeBSD 7.0. In both
versions commands like

    tcpdump -n -i em3 host 217.172.x.y

(em3 is the NIC that goes to the 4140gl monitoring port)
don't produce any output anymore. In general, tcpdump does work, as
through a normal non-monitoring port at e.g. em0, all tcpdump commands
(host xyz, net xyz, arp etc.) work as expected and produce the
appropriate results.
If tcpdump is being invoked without any arguments (tcpdump -n -i em3) it
shows all packets coming in through the monitoring port, however, as
soon as we try to filter by specific tcpdump expressions, it doesn't
show any results.
Were there any changes to tcpdump, the em driver, pcap or another part
of the OS in recent history which could lead to such a behavior? Again,
regular packets on any em-interface we can collect just fine, just the
packets coming in through the monitoring port are being ignored...
Any advice?
Thanks
Markus

$ ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:e0:81:62:1c:7a
        inet 217.172.a.b netmask 0xff00 broadcast 217.172.a.c
        media: Ethernet autoselect (1000baseTX full-duplex)
        status: active

$ ifconfig em3
em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:e0:81:62:1c:7b
        inet 192.168.200.2 netmask 0xff00 broadcast 192.168.200.255
        media: Ethernet autoselect (1000baseTX full-duplex)
        status: active