Hi All,

I need to monitor a link with MPLS enabled. Is it possible to filter
MPLS packets based on IP header fields? IP header is after MPLS header
and tcpdump correctly recognizes that:

tcpdump -n -i eth1 -vv ether proto 0x8847

12:01:33.175076 MPLS (label 39, exp 0, [S], ttl 255)
        IP (tos 0x0, ttl  60, id 10954, offset 0, flags [DF], length: 1500)
        147.32.127.222.80 > 82.57.120.192.11472: . 4380:5840(1460) ack 1 win 1728

but when I add a filter for, say, the source IP address, tcpdump fails:

tcpdump -n -i eth1 -vv ether proto 0x8847 and src net 195.113.0.0/16

eth1 not found (did you install the module?), down or already in use.
Using Linux packet capture on eth1
tcpdump: WARNING: setsockopt: Protocol not available
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: expression rejects all packets

When I try just to filter source IP addresses without requesting packets
with MPLS headers, it works, but tcpdump returns only packets that did
not have an MPLS header (multicast and a few other special packets of
inter-router communication):

tcpdump -n -i eth1 -vv src net 195.113.0.0/16

12:13:32.240979 IP 195.113.69.53 > 224.0.0.13: pim v2 Join/Prune
upstream-neighbor=195.113.69.54 groups=1 holdtime=3m30s (group0: 233.10.47.22 join=1
194.160.9.2(S) prune=0)

Thanks.

Regards,

Sven Ubik
CESNET


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
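
Added example, not part of the original post or of tcpdump: Python code for the check the post asks for, walking the MPLS label stack to the bottom-of-stack [S] entry and then testing the inner IPv4 source address against a network. The function names and the build_frame helper are hypothetical, the frames are constructed for illustration, and the payload is assumed to be IPv4 when its version nibble is 4.

```python
import ipaddress
import struct

ETH_MPLS_UNICAST = 0x8847  # EtherType used in the tcpdump filter above


def parse_mpls_stack(frame):
    """Return (labels, inner_offset) for an Ethernet frame carrying MPLS, else None."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_MPLS_UNICAST:
        return None
    labels, off = [], 14
    while off + 4 <= len(frame):
        (entry,) = struct.unpack("!I", frame[off:off + 4])
        off += 4
        # 32-bit entry: label (20 bits), exp (3), bottom-of-stack S (1), ttl (8)
        labels.append({"label": entry >> 12, "exp": (entry >> 9) & 0x7,
                       "s": (entry >> 8) & 0x1, "ttl": entry & 0xFF})
        if labels[-1]["s"]:  # bottom of stack: the payload starts at `off`
            return labels, off
    return None  # truncated frame: no bottom-of-stack entry seen


def inner_ipv4_src(frame):
    """Source address of the IPv4 packet under the label stack, or None."""
    parsed = parse_mpls_stack(frame)
    if parsed is None:
        return None
    _, off = parsed
    # MPLS carries no payload-type field; the version nibble is a heuristic.
    if len(frame) < off + 20 or frame[off] >> 4 != 4:
        return None
    return ipaddress.IPv4Address(frame[off + 12:off + 16])


def matches_src_net(frame, net):
    """True if the frame is MPLS and its inner IPv4 source lies in `net`."""
    src = inner_ipv4_src(frame)
    return src is not None and src in ipaddress.ip_network(net)


def build_frame(labels, src, dst, ethertype=ETH_MPLS_UNICAST):
    """Constructed sample input: Ethernet + label stack + minimal IPv4 header."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ethertype)
    stack = b"".join(
        struct.pack("!I", (lab << 12) | ((i == len(labels) - 1) << 8) | 255)
        for i, lab in enumerate(labels))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0x4000, 60, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return eth + stack + ip
```

The inner header offset depends on the number of label entries, so a match at a fixed offset is only correct for one stack depth.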
