Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 22 Oct 2002 23:55:09 -0400
From:      "Eric W. Bates" <ericx@vineyard.net>
To:        <freebsd-net@freebsd.org>
Subject:   debugging VLANs with tcpdump
Message-ID:  <009701c27a47$fb2d6c80$3ee380cc@alice>
next in thread | raw e-mail | index | archive | help 
While using tcpdump to debug a new VLAN config, I noticed some problems and
wanted to ask whether I was simply doing something wrong.

I have 3 vlan interfaces attached to an fxp.  The 3 vlan are bridged, but
the fxp is not included in the group. The fxp has no IP.  vlan0 has the IP
for the bridge group.

fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        ether 00:02:b3:5b:dd:98
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
        ether 00:02:b3:5b:dd:98
        vlan: 5 parent interface: fxp0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:02:b3:5b:dd:98
        vlan: 10 parent interface: fxp0
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:02:b3:5b:dd:98
        vlan: 20 parent interface: fxp0


I get the most useful information when I run tcpdump on the fxp.  Doing so
shows all the packets passing by the NIC and it labels VLAN packets with
their tag.

  tcpdump -i fxp0

20:00:54.747032 802.1Q vlan#10 P0 192.168.10.98 > 192.168.10.1: icmp: echo
request (ttl 32, id 232, len 60)
20:00:54.747210 802.1Q vlan#10 P0 192.168.10.1 > 192.168.10.98: icmp: echo
reply (ttl 64, id 22505, len 60)

As soon as I add an expression to the tcpdump, I lose the VLAN labels from
the output.  I tried:

  tcpdump -i fxp0 icmp
  tcpdump -i fxp0 vlan
  tcpdump -i fxp0 host fw.mvhost.com

I also tried increasing verbosity (-vvv).

Attaching tcpdump to a vlan was interesting.  Presumably I was seeing only
packets tagged with the pseudo-interface's VLAN ID; but the labels were gone
again.

Is this a bug?  If not, how do I display the explicit tag information under
more circumstances?

Thanks for your time.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?009701c27a47$fb2d6c80$3ee380cc>