From owner-freebsd-isp  Tue Jan 11 16: 7:12 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8671214E2F; Tue, 11 Jan 2000 16:07:05 -0800 (PST)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (2102 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m128BAu-000CC2C@bsdie.rwsystems.net>
	for <owner-freebsd-questions@FreeBSD.ORG>; Tue, 11 Jan 2000 17:58:08 -0600 (CST)
	(Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Tue, 11 Jan 2000 17:58:04 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: Shino <shino@hakkenden.com>
Cc: FreeBSD-ISP <isp@FreeBSD.ORG>,
	owner-freebsd-questions@FreeBSD.ORG
Subject: Re: FW: routed netbeui tcpdump
In-Reply-To: <NCEFJNEGOFKAEADCKNLPIEKHDDAA.shino@hakkenden.com>
Message-ID: <Pine.BSF.4.10.10001111654390.38142-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

tcpdump just dumps what the /dev/bpf? sees and that appears to be any
valid ENet packet. (incl: DLC, NetBEUI, AppleTalk, LAT) The man page for
bpf says 'All packets' arrive when in promiscuous mode. There are flags to
restrict tcpdump to 'ip only' or other traffic.

Secondarily, are sure the packets are coming from the FreeBSD router
boxes? Even network laser printer servers (little EtherJets, etc) can spew
junk onto local LANs. It doesn't take long for you to get a list of ENet
addresses to guess at what's generating the junk. (See ethereal as well!)

Very useful when someone gives you the wrong set of IP addresses, but they
at least know where an ENet jack for your FreeBSD laptop is... - Jy@

On Tue, 11 Jan 2000, Shino wrote:
> This one kinda went untouched on questions list so I have decided to forward
> here and see if anyone can help.
	[ ... ]
> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Shino
> Sent: Tuesday, January 11, 2000 10:13 AM
> To: Freebsd-Questions
> Subject: routed netbeui tcpdump
> 
> I have several router boxes running freebsd RouteD.  I thought routed only
> passed tcp packets but I am seeing netbeui and ipx packets as well... stuff I
> would only expect to see in a bridge situation.  Any thoughts on why routed
> might be passing netbeui packets?
> 
> Secondarily would tcpdump catch netbeui packets or just tcp packets?
	[ ... ]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message