tcpdump -- non-local traffic not showing
Christopher Cowart
ccowart at rescomp.berkeley.edu
Fri Oct 5 17:12:10 PDT 2007
On Fri, Oct 05, 2007 at 05:31:25PM -0600, freebsd at dreamchaser.org wrote:
> I'm having trouble seeing packets which are not going to or from the
> machine on which tcpdump is running. Is there something special I
> need to do to enable this? It's my understanding tcpdump puts the
> interface in promiscuous mode, and dmesg seems to confirm this.
> However I see the following behavior using "tcpdump -fntl -i ed1":
>
> If hosts .x, .y, and .z are all on the same network,
> and if tcpdump is running on host a.b.c.x
> and on host a.b.c.y I do
> ping a.b.c.x
>
> I see the icmp packets.
>
> But if on host a.b.c.y I do
> ping a.b.c.z
>
> I see nothing.
> Does the interface drop packets with a different mac address, even
> when supposedly put in promiscuous mode?
>
> Clues?
You're probably plugged into a switch ("learning bridge"). Switches
partition your collision domain -- they learn which MAC is available on
which port and only send on that port.
You either need a hub or a really expensive switch (the kind that you
log in to and set up port mirrors).
--
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 825 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20071006/395a43fa/attachment.pgp
More information about the freebsd-questions
mailing list