Subject: Re: bin/33078: "tcpdump host foo" does not work
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-bugs
Date: 03/14/2006 18:40:02
The following reply was made to PR bin/33078; it has been noted by GNATS.
From: Manuel Bouyer <bouyer@antioche.eu.org>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org
Subject: Re: bin/33078: "tcpdump host foo" does not work
Date: Tue, 14 Mar 2006 19:37:46 +0100
On Tue, Mar 14, 2006 at 02:00:09PM +0000, martti.kuparinen@iki.fi wrote:
>
> I was running "tcpdump -eni wm1" and saw all traffic to/from our domU hosts
> (including the 802.1Q headers) so I wanted to see only one host and executed
> the following command but absolutely nothing appears on the screen:
>
>
> ROOT xen1:~> tcpdump -eni wm1 host aaa.aaa.aaa.aaa
> tcpdump: WARNING: wm1: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wm1, link-type EN10MB (Ethernet), capture size 96 bytes
> ^C
> 0 packets captured
> 33 packets received by filter
> 0 packets dropped by kernel
> ROOT xen1:~>
>
>
> So even though the traffic from aaa.aaa.aaa.aaa is visible during the first
> tcpdump invocation it won't appear when using the "host foo" argument
> with tcpdump.

You don't see it because tcpdump filters on IP in untagged packets.
You may want to try:

    tcpdump -eni wm1 vlan and host aaa.aaa.aaa.aaa

--
Manuel Bouyer <bouyer@antioche.eu.org>
NetBSD: 26 years of experience will always make the difference
--
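
Added example, not part of the original message and not libpcap's own code: a simplified Python model of the fixed-offset tests behind "host" and "vlan and host", run over constructed frames, showing why a capture on an 802.1Q trunk silently misses tagged traffic. The addresses, VLAN ID and function names are assumptions made for illustration; only the IPv4 case is modelled.

```python
import socket
import struct

ETH_IPV4 = 0x0800
ETH_8021Q = 0x8100

def ipv4_header(src, dst):
    """Minimal 20-byte IPv4 header (constructed; checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ethernet_frame(src, dst, vlan_id=None):
    """Build a constructed Ethernet frame, optionally with an 802.1Q tag."""
    frame = bytes(6) + bytes(6)              # dst MAC, src MAC (zeroed)
    if vlan_id is not None:
        frame += struct.pack("!HH", ETH_8021Q, vlan_id & 0x0FFF)
    return frame + struct.pack("!H", ETH_IPV4) + ipv4_header(src, dst)

def match_host(frame, addr, link_offset=0):
    """Model of 'host addr': EtherType at offset 12 must be IPv4, then
    compare the source (offset 26) and destination (offset 30) addresses."""
    (ethertype,) = struct.unpack_from("!H", frame, 12 + link_offset)
    if ethertype != ETH_IPV4:
        return False                         # a tagged frame carries 0x8100 here
    want = socket.inet_aton(addr)
    return want in (frame[26 + link_offset:30 + link_offset],
                    frame[30 + link_offset:34 + link_offset])

def match_vlan_and_host(frame, addr):
    """Model of 'vlan and host addr': require the 802.1Q EtherType at
    offset 12, then run the host test with every offset shifted by 4."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    return ethertype == ETH_8021Q and match_host(frame, addr, link_offset=4)

HOST = "192.0.2.10"                          # constructed documentation addresses
PEER = "192.0.2.20"
untagged = ethernet_frame(HOST, PEER)
tagged = ethernet_frame(HOST, PEER, vlan_id=100)

if __name__ == "__main__":
    for name, frame in (("untagged", untagged), ("tagged", tagged)):
        print(name, "host:", match_host(frame, HOST),
              "vlan and host:", match_vlan_and_host(frame, HOST))
```

In this model neither expression matches both kinds of frame, so a monitoring filter on a trunk interface has to cover the tagged and untagged cases explicitly.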