tcpdump stopped working / changes to pcap since 5.2.1-RELEASE?
Markus
universe at truemetal.org
Thu Mar 27 14:48:14 PDT 2008
On Wed, 26 Mar 2008 00:01:41 +0100
Markus <universe at truemetal.org> wrote:
> Were there any changes to tcpdump, the em driver, pcap or another part
> of the OS in recent history which could lead to such a behavior?
> Again, regular packets on any em-interface we can collect just fine,
> just the packets coming in through the monitoring port are being
> "ignored"...
Reply to myself, for the archives: the issue was resolved. While before
and including 5.2.1-RELEASE (and possibly in later releases as well, but
NOT in 6.3-RELEASE and 7.0-RELEASE) tcpdump displayed simply ALL
packets, regardless whether those packets were VLAN tagged or not,
coming in on the specific interface(s) (em(4)), i.e.
tcpdump -n -i em3 host a.b.c.d
it now (in 6.3-RELEASE and 7.0-RELEASE) requires explicitly the
following statement to display VLAN tagged traffic:
tcpdump -n -i em3 vlan and host a.b.c.d
Or in other words: add "vlan" to the tcpdump expression and it works
just fine. Before the latest few releases this wasn't necessary for VLAN
tagged packets.
Regards
Markus
More information about the freebsd-questions
mailing list