Guy Harris wrote:
>
> Try
>
> tcpdump -R -e -x -i eth0 ether multicast
>
> The "-R" flag tells tcpdump to capture in "raw" mode rather than
> "cooked" mode, so that the Ethernet headers are supplied to tcpdump from
> libpcap.
Thanks. It worked.
>
> If that works, then your Linux distribution probably has the "improved"
> tcpdump, in which case it's also not running in promiscuous mode by
> default. To make the "improved" tcpdump work the exact same way as
> normal tcpdump, you also need to supply the "-p" flag, which turns
> promiscuous mode *on* in the "improved" version, rather than turning it
> off as is the case with the standard version.
>
> > I am using linux 2.2.14
>
> Actually, you're using some version of some Linux *distribution*;
> identifying the kernel that a particular system is running is
> insufficient to indicate what OS you're running - much of the behavior
> of your system is governed by the userland code in it, rather than the
> kernel code in it.
I compiled the 2.2.14 code and running it. Hence I am
pretty much sure of the version of kernel code.
Thanks,
Srivatsan
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
