Hi,

I have my interface listening in promiscuous mode on a Catalyst port
which is spanning the switch uplink to the ISP.  I intend to see all
the traffic going through this interface, which I do if I use the
option -n.  Upon trying to use any filters such as 'tcp or udp or
icmp', we hardly see any packets captured.

Thanks for any help...

Here is some output I see:

14:35:41.459472 P 0:8:20:db:1d:bc 0:0:0:0:0:1 8100 1518: 802.1Q vlan#251
P0130.207.108.134.62343 > 65.29.128.53.2067: . 2920:4380(1460) ack 1 win
5840 (DF)
                         00fb 0800 4500 05dc 0fb0 4000 3e06 76c4
                         82cf 6c86 411d 8035 f387 0813 0574 79e4
                         08aa aa2b 5010 16d0 2c1c 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000


***********
This packet is a TCP packet: protocol = 6

But I do not see this when I use

tcpdump -i eth1 'tcp'

or

tcpdump -i eth1 tcp

Is it in any way because the traffic is VLAN traffic or something?

Any pointers?


**************


14:35:41.459473 P 0:8:20:db:1d:bc 0:0:0:0:0:1 8100 405: 802.1Q vlan#251
P0130.207.11.138.6346 > 165.138.204.4.59858: P 1:348(347) ack 69 win 7782
(DF)
                         00fb 0800 4500 0183 e71d 4000 7f06 136f
                         82cf 0b8a a58a cc04 18ca e9d2 35a3 d775
                         42bc 458c 5018 1e66 b0c3 0000 4101 0104
                         0e00 0000 ca18 043f 28c5 1200 0000 1818
                         0100 6c69 7461 6c65 7200 7fcc 11b4 0b3d
                         6241 0101 030e 0000 00ca 180c e304 0b01
                         0000 00f6 1200 006c 6974 616c 6572 007f
                         cc11 b40b 3d62 4101 0102 0e00 0000 ca18
                         d98d 967b 0200 0000 d81f 0000 6c69 7461
14:35:41.459597 P 0:8:20:db:1d:bc 0:0:0:0:0:1 8100 1518: 802.1Q vlan#251
P0130.207.108.134.62343 > 65.29.128.53.2067: . 4380:5840(1460) ack 1 win
5840 (DF)
                         00fb 0800 4500 05dc 0fb1 4000 3e06 76c3
                         82cf 6c86 411d 8035 f387 0813 0574 7f98
                         08aa aa2b 5010 16d0 ccb4 0000 0000 2b90
                         0000 0004 0000 0449 0000 0008 0000 2ba0
                         0000 0004 0000 0458 0000 0004 0000 2ba4
                         0000 0003 0000 0459 0000 0008 0000 2bb0
                         0000 0003 0000 045a 0000 0004 0000 2bc8
                         0000 0001 0000 045b 0000 0008 0000 2bcc
                         0000 0001 0000 045c 0000 0004 0000 2bd0

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
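
An added example, not part of the original post: a simplified Python model of the fixed offsets a filter such as 'tcp' tests, run against the first frame above, showing that the 4-byte 802.1Q tag puts 0x8100 where the filter expects 0x0800, and that the pcap filter form 'vlan and tcp' shifts the offsets past the tag. The function names are hypothetical, only the IPv4 branch is modelled, and the frame is rebuilt from the MAC addresses and hex dump in the post.

```python
import struct

ETH_IPV4, ETH_8021Q, IPPROTO_TCP = 0x0800, 0x8100, 6

# Constructed from the first packet in the post: the two MAC addresses from
# the link-level header line (assumed printed source first), then the first
# 48 dumped bytes, which begin right after the 0x8100 ethertype
# (TCI 00fb = VLAN 251, then 0800 = IPv4).
SRC_MAC, DST_MAC = bytes.fromhex("000820db1dbc"), bytes.fromhex("000000000001")
AFTER_TPID = bytes.fromhex(
    "00fb0800450005dc0fb040003e0676c4"
    "82cf6c86411d8035f3870813057479e4"
    "08aaaa2b501016d02c1c000000000000")
TAGGED = DST_MAC + SRC_MAC + b"\x81\x00" + AFTER_TPID
UNTAGGED = DST_MAC + SRC_MAC + AFTER_TPID[2:]  # same packet, tag removed

def u16(frame, off):
    return struct.unpack_from("!H", frame, off)[0]

def match_tcp(frame, l2_len=14):
    """IPv4 branch of 'tcp': ethertype and IP protocol at fixed offsets."""
    if len(frame) < l2_len + 20:
        return False
    return u16(frame, l2_len - 2) == ETH_IPV4 and frame[l2_len + 9] == IPPROTO_TCP

def match_vlan_and_tcp(frame):
    """'vlan and tcp': require 0x8100 at offset 12, then shift offsets by 4."""
    return len(frame) >= 18 and u16(frame, 12) == ETH_8021Q and match_tcp(frame, 18)

def describe(frame):
    """Decode VLAN ID, IP protocol and endpoints, skipping a tag if present."""
    l2 = 18 if u16(frame, 12) == ETH_8021Q else 14
    vlan = u16(frame, 14) & 0x0FFF if l2 == 18 else None
    ihl = (frame[l2] & 0x0F) * 4
    src, dst = (".".join(map(str, frame[l2 + o:l2 + o + 4])) for o in (12, 16))
    sport, dport = struct.unpack_from("!HH", frame, l2 + ihl)
    return {"vlan": vlan, "proto": frame[l2 + 9],
            "src": f"{src}:{sport}", "dst": f"{dst}:{dport}"}

if __name__ == "__main__":
    print(describe(TAGGED))
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, "tcp:", match_tcp(frame),
              "vlan and tcp:", match_vlan_and_tcp(frame))
```

On the capture interface the corresponding filter would be written as tcpdump -i eth1 'vlan and (tcp or udp or icmp)'.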
