yeah, its called tethereal JAson
On Mon, Aug 14, 2006 at 11:58:51AM -0400, [EMAIL PROTECTED] wrote: > Ethereal? Don't they have a CLI? > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Ryan Leathers > Sent: Monday, August 14, 2006 11:55 AM > To: [email protected] > Subject: [TriLUG] tcpdump src matching problem > > So, tcpdump isn't matching what I want it to. > > Quick requirement: > > I want tcpdump to capture the first frame it sees of a certain multicast > type. I don't want it to match on a frame with a particular source > address. Sound simple enough? > > Problem: > > frames from the unwanted src MAC are being matched anyway > > > More detail: > > I want to see a CDP packet from the Cisco switch I am connected to. I > don't care to run this 24x7. I just need an answer-on-demand where I > run the script and see which switch and port I am connected to. > > I have some parsing lines in a bash script to make the output pretty. > I don't want to parse more than the first match I see, since that makes > the parsing tougher, however, since I also send CDP packets out to > advertise my Linux host to the Cisco switch, I also need to make sure > that my own CDP multicast is not being matched or the results will be > useless. > > I use this line to find my MAC address: > export lowestmac=`ifconfig | grep HWaddr -m 1 | awk '{print $5}'` > > I use this line to match the frame: > tcpdump -c 1 -tvs 1500 ether dst 01:00:0c:cc:cc:cc and not ether src > $lowestmac > $cdpdata > > Then I parse the stuff in $cdpdata > > The trouble is the "not ether src $lowestmac" doesn't seem to be > observed and I get matches from my Linux host anyway. > > Any thoughts on this? > > > > > -- > TriLUG mailing list : > http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member > Services FAQ : http://members.trilug.org/services_faq/ > -- > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ -- ================================================ | Jason Welsh [EMAIL PROTECTED] | | http://monsterjam.org DSS PGP: 0x5E30CC98 | | gpg key: http://monsterjam.org/gpg/ | ================================================ -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
