On Fri, Mar 22, 2002 at 02:50:32PM -0500, Ashley Thomas wrote:
> This packet is a TCP packet; protocol = 6.
>
> But I do not see this when I use
>
> tcpdump -i eth1 'tcp'
>
> or
>
> tcpdump -i eth1 tcp

Those two commands are exactly equivalent; tcpdump gets passed the exact
same command-line argument list for both (the shell would remove the
quotes).

> Is it anyway because the traffic is of Vlan or something...

Probably.

To quote the current tcpdump man page:

    expression
        selects which packets will be dumped. If no expression
        is given, all packets on the net will be dumped.
        Otherwise, only packets for which expression is `true'
        will be dumped.

        The expression consists of one or more primitives.
        Primitives usually consist of an id (name or number)
        preceded by one or more qualifiers. ...

        ...

        Allowable primitives are:

        ...

        vlan [vlan_id]
            True if the packet is an IEEE 802.1Q VLAN packet.
            If [vlan_id] is specified, only true is the packet
            has the specified vlan_id. Note that the first
                                       ^^^^^^^^^^^^^^^^^^^
            vlan keyword encountered in expression changes the
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
            decoding offsets for the remainder of expression
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
            on the assumption that the packet is a VLAN
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
            packet.
            ^^^^^^^

So try

    tcpdump -i eth1 vlan tcp
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
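
An added illustration, not part of the original message and not tcpdump's own code: a simplified, IPv4-only Python model of the offset-based matching the man page excerpt describes, run over constructed frames. It shows why a plain `tcp` filter misses an 802.1Q-tagged TCP packet while `vlan tcp` matches it; the function names, MAC addresses and IP addresses are made up for the example.

```python
import struct

ETH_P_IP, ETH_P_8021Q, IPPROTO_TCP = 0x0800, 0x8100, 6

def build_frame(vlan_id=None):
    """Constructed sample: Ethernet [+ 802.1Q tag] + IPv4 + TCP header."""
    macs = bytes.fromhex("020000000002" "020000000001")  # dst, src (made up)
    # The 4-byte tag (TPID 0x8100 + TCI) sits between the MACs and the EtherType.
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, IPPROTO_TCP, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return macs + tag + struct.pack("!H", ETH_P_IP) + ip + tcp

def u16(frame, off):
    """Read a big-endian 16-bit field at a fixed byte offset."""
    return struct.unpack_from("!H", frame, off)[0]

def match_tcp(frame, link_hdr_len=14):
    """Model of `tcp` (IPv4 only): the EtherType just before the payload
    must be IPv4 and the IP protocol byte (IP offset 9) must be 6."""
    return (u16(frame, link_hdr_len - 2) == ETH_P_IP
            and frame[link_hdr_len + 9] == IPPROTO_TCP)

def match_vlan_tcp(frame, vlan_id=None):
    """Model of `vlan [vlan_id] tcp`: require the 802.1Q TPID at offset 12,
    then evaluate `tcp` with every offset shifted by the 4-byte tag."""
    if u16(frame, 12) != ETH_P_8021Q:
        return False
    if vlan_id is not None and (u16(frame, 14) & 0x0FFF) != vlan_id:
        return False
    return match_tcp(frame, link_hdr_len=18)

if __name__ == "__main__":
    for name, frame in (("untagged", build_frame()), ("vlan 100", build_frame(100))):
        print(name, "tcp:", match_tcp(frame), "vlan tcp:", match_vlan_tcp(frame))
```
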