On Sat, Apr 14, 2001 at 05:41:54PM +0200, Palka Stanislaw wrote:
> I use modem adsl with kernel 2.4.3 and patch pppoatm-1. Everything
> works. But output of tcpdump
> is very strange:
> -------------------------------------------
> tcpdump -tn -i ppp0 not host 195.36.210.20
Linux's PPP implementation handles the link layer headers in a way
that means it doesn't work well with programs such as tcpdump that
capture packets:
some PPP code strips it off in such a way that even sniffer
programs like tcpdump won't see it - libpcap currently assumes
that's always the case, but it means that non-IP packets on the
PPP connection will be misinterpreted;
other PPP code leaves it on, but libpcap currently doesn't try
to recognize syncppp devices, and, as such mishandles that;
still other PPP code (PPP-over-ISDN) appears, in at least some
places, to cause the length of the header to differ from packet
to packet.
The current CVS tree version of libpcap just gives up and runs PPP
devices in "cooked mode", throwing away the link-layer header and
synthesizes a fake header instead. Try downloading the "Current Tar
files" versions of libpcap and tcpdump from
http://www.tcpdump.org/daily/libpcap-current.tar.gz
http://www.tcpdump.org/daily/tcpdump-current.tar.gz
and building those, and see if they work better. (Send mail to
tcpdump-workers telling us what happens.)
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
