Hi,
My tcpdump 3.6.2 (libpcap 0.6.2) on Linux 2.4/glibc 2.2.2 system is
doing strange thing.
Filter isn't applied at beggining (or something like that) ...
In first seconds other packets than specified at command line
are displayed. After that small amount of time everything
is ok and only proper packets are displayed.
Few examples:
1)
[root@arm misiek]# tcpdump -n host 192.168.0.1
tcpdump: listening on eth0
16:55:08.887382 156.17.211.119.1557025759 > 156.17.209.1.2049: 112 read [|nfs] (DF)
then everything i sok
16:56:02.983200 arp who-has 192.168.0.2 tell 192.168.0.1
16:56:02.985623 arp reply 192.168.0.2 is-at 0:c0:df:f7:2a:2d
...
2)
[root@arm misiek]# tcpdump -n host 192.168.0.1
tcpdump: listening on eth0
16:57:51.074746 192.168.0.2.1811 > 156.17.209.1.139: P 28504313:28504368(55) ack
3902684781 win 7732>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=51 (0x33)
SMB PACKET: SMBreadbraw (REQUEST)
(DF)
...
then everything is ok
3)
[root@arm misiek]# tcpdump -n host 192.168.0.1
tcpdump: listening on eth0
16:58:31.702672 156.17.211.119.22 > 193.0.97.1.3511: . 4153105004:4153106452(1448) ack
38940839 win 7504 <nop,nop,timestamp 15717371 10218794> (DF)
16:58:31.702931 156.17.211.119.20 > 156.17.213.113.1179: P 807207341:807208801(1460)
ack 585185 win 5840 (DF)
16:58:31.703297 156.17.209.1 > 156.17.211.119: (frag 55581:928@7400)
...
then everything is ok
Any solutions/patches?
--
Arkadiusz MiĆkiewicz, AM2-6BONE [ PLD GNU/Linux IPv6 ]
http://www.t17.ds.pwr.wroc.pl/~misiek/ipv6/ [ enabled ]
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
