On Wed, Mar 14, 2001 at 10:56:44PM -0800, khoa Nguyen canh wrote:
> Hi, 
> I have trouble with tcpdump. I set up my network with
> three computers. The addresses are 200.1.1.5, 200.1.1.6,
> and 200.1.1.1. I pinged among them. They worked correctly.
> When I pinged from 200.1.1.5 to 200.1.1.6 and I ran
> the command tcpdump on the computer with IP 200.1.1.1:
>        tcpdump -w- 
> There's nothing on my computer screen with address
> 200.1.1.1. My system is Red Hat Linux 6.2. I don't know
> the reason why.

One reason why might be that your three computers are plugged into a
switched network.  If they are, then if the machine with the IP address
200.1.1.5 sends a packet to the switch, with the packet having an
Ethernet destination address corresponding to the 200.1.1.6 network
interface of the 200.1.1.6 machine, the switch might deliver that packet
to the switch port for the 200.1.1.6 network interface, but *not*
deliver that packet to the switch port into which the 200.1.1.1
machine's interface is plugged.

I.e., switched Ethernets don't behave like traditional Ethernets -
packets are not sent to all hosts on the network, they're just sent to
the hosts that are "supposed" to receive the packet.

> Please help me to solve this problem.

If that's the case, the only way to solve the problem would be to
configure the switch to "mirror" all traffic going through the switch
onto the port into which the 200.1.1.1 machine is plugged.

You'd have to read the documentation for the switch to see whether this
can be done and, if so, how to do it.  I'm not sufficiently familiar
with the way you configure network switches to help you configure it.

(There's already an entry about this in the FAQ on the Ethereal Web
site:

        http://www.ethereal.com/faq.html#q3.6

Perhaps there should be an entry about it in the tcpdump.org Web site's
FAQ as well.)
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
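
Added example (not part of the original message, and not code from tcpdump or any switch vendor): a small Python model of a MAC-learning switch that replays a ping between 200.1.1.5 and 200.1.1.6 and reports which frames reach the port of the 200.1.1.1 capture machine on a hub, on a switch, and on a switch with port mirroring. The MAC addresses, port numbers and the simplified ARP/ICMP exchange are constructed assumptions.

```python
# Constructed model of a MAC-learning switch; MACs and port numbers are made up.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    def __init__(self, ports, mirror_port=None, hub_mode=False):
        self.ports = set(ports)
        self.mirror_port = mirror_port   # port that receives a copy of every frame
        self.hub_mode = hub_mode         # True = repeat everything (shared Ethernet)
        self.mac_table = {}              # learned source MAC -> port

    def forward(self, in_port, src, dst):
        """Return the set of ports the frame is delivered to."""
        self.mac_table[src] = in_port    # learn which port the sender is on
        if self.hub_mode or dst == BROADCAST or dst not in self.mac_table:
            out = self.ports - {in_port}             # flood: hub, broadcast, unknown unicast
        else:
            out = {self.mac_table[dst]} - {in_port}  # known unicast: one port only
        if self.mirror_port is not None and self.mirror_port != in_port:
            out = out | {self.mirror_port}
        return out

# Constructed topology: port -> (IP from the thread, made-up MAC)
HOSTS = {1: ("200.1.1.5", "02:00:00:00:00:05"),
         2: ("200.1.1.6", "02:00:00:00:00:06"),
         3: ("200.1.1.1", "02:00:00:00:00:01")}   # the machine running tcpdump

def ping_exchange(switch, sniffer_port=3):
    """Replay ARP plus one ICMP echo/reply between ports 1 and 2 and
    return the names of the frames that reach the sniffer's port."""
    a, b = HOSTS[1][1], HOSTS[2][1]
    frames = [("ARP who-has 200.1.1.6", 1, a, BROADCAST),
              ("ARP reply 200.1.1.6 is-at", 2, b, a),
              ("ICMP echo request", 1, a, b),
              ("ICMP echo reply", 2, b, a)]
    return [name for name, port, src, dst in frames
            if sniffer_port in switch.forward(port, src, dst)]

def compare():
    ports = HOSTS.keys()
    return {"hub": ping_exchange(Switch(ports, hub_mode=True)),
            "switch": ping_exchange(Switch(ports)),
            "switch+mirror": ping_exchange(Switch(ports, mirror_port=3))}

if __name__ == "__main__":
    for mode, seen in compare().items():
        print(f"{mode:14} sniffer sees: {seen}")
```

In the plain switch case only the broadcast ARP request reaches the capture port; the ICMP frames appear there only in the hub and mirror-port cases.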
