On Jun 26, 2017, at 12:45 AM, Zheng, Ruoqin <zhengrq.f...@cn.fujitsu.com> wrote:
> The case is like this, I config my NIC to vlan subnet as:
> #ifconfig
> eth0.100 Link encap:Ethernet HWaddr 00:04:9f:04:b0:04
> inet addr:192.168.255.1 Bcast:192.168.255.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> And I test it with ping: ping -q -c 50 -I eth0.100 192.168.255.2&
> tcpdump -c 10 -ex -i eth0 ether broadcast
>
> The problem is that I tcpdump can’t capture the package with VLAN tag
What does
tcpdump -d -i eth0 ether broadcast
print?
> But when I add the option –n:
> tcpdump –n -c 10 -ex -i eth0 ether broadcast
> tcpdump can capture the package with VLAN tag
> 00:59:40.485131 00:04:9f:04:b0:04 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q
> (0x8100), length 46: vlan 100, p 0, ethertype ARP, Request who-has
> 192.168.255.2
> 0x0000: 0064 0806 0001 0800 0604 0001 0004 9f04
> 0x0010: b004 c0a8 ff01 0000 0000 0000 c0a8 ff02
>
> I don’t know how can this happen, does anyone know the reason?
What does
tcpdump -n -d -i eth0 ether broadcast
print?
> By the way, in the manual of tcpdump, it says
> -n Don't convert host addresses to names. This can be used to avoid
> DNS lookups.
> How should I understand it?
It means that, when printing packet data, tcpdump won't convert host IPv4,
IPv6, MAC, and some other addresses to names, so, for example, it'd print
"192.168.17.2" rather than "example.com" as a source or destination IPv4
address.
That shouldn't affect the generated filter code, which is what tcpdump prints
when you run it with "-d". That filter code should control what packets
tcpdump sees or doesn't see.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
