Date:      Tue, 12 Jun 2001 16:18:49 -0400 (EDT)
From:      Matt Piechota <piechota@argolis.org>
To:        "Derek O'Flynn" <derekoflynn@hotmail.com>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: snort/tcpdump not showing tcp packets
Message-ID:  <20010612160917.V445-100000@cithaeron.argolis.org>
In-Reply-To: <F21iyhGvDpEDiOa7ddh000002a3@hotmail.com>

On Tue, 12 Jun 2001, Derek O'Flynn wrote:

> I have two machines, one running freebsd 4.0, and one running 4.3. They are
> physically connected to the same hub (same segment)
>
> When running tcpdump or snort on the 4.0 box, I get traffic from a variety
> of protocols
>
> However, when I run tcpdump or snort on the 4.0 box, I get traffic from a
> variety of protocols, but no tcp protocol traffic.  The only time tcp
> protocol shows up is if I connect to the web server on the 4.3 box from
> another machine.

I assume you meant the 4.3 box in the above paragraph?

> Strangest thing I've ever seen!  Anyway, I thought it might have been cause
> I did a minimal installation, and maybe something was disabled, so I setup
> the box again with a full install of everything but X, and the same thing is
> occurring.  I then thought it was the network card, but that can't be cause
> it is receiving tcp packets, but only those destined for the machine,
> nothing else on the segment.  Is there a setting that causes it to only see
> its tcp packets (note: it is seeing icmp/udp/arp packets from other
> sources)
>
> Does anyone know if there's something weird with 4.3 that would cause this?
> I'm running the 4.3 iso image downloaded from freebsd.  It hasn't been
> modified at all, standard installation.

I'm running the same release as a dedicated sniffer device on a PC (Intel
EEPro 100B NIC), and an IBM Stinkpad w/3Com 3c574-TX NIC.  It works
perfectly (as far as I can tell).  Could this be a problem with your
specific card/driver and its interaction with the TCP/IP stack?

-- 
Matt Piechota
Finger piechota@emailempire.com for PGP key
AOL IM: cithaeron

