From: "Derek O'Flynn" <derekoflynn@hotmail.com>
To: piechota@argolis.org
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: snort/tcpdump not showing tcp packets
Date: Tue, 12 Jun 2001 15:33:51 -0500
Message-ID: <F184OlnzGOnXPJFcUFa00006a6b@hotmail.com>

Marc,

Same type of NIC in both machines, 3com 3c595 fast etherlink III PCI
Both connected to a 10bT 3com hub.

It might be something with the card. I have some isa nic cards I can try,
and my new token ring card just arrived, but of course, I have to rebuild
the kernel to add token ring support :(

Derek

>From: Matt Piechota <piechota@argolis.org>
>To: "Derek O'Flynn" <derekoflynn@hotmail.com>
>CC: <freebsd-security@FreeBSD.ORG>
>Subject: Re: snort/tcpdump not showing tcp packets
>Date: Tue, 12 Jun 2001 16:18:49 -0400 (EDT)
>
>On Tue, 12 Jun 2001, Derek O'Flynn wrote:
>
> > I have two machines, one running freebsd 4.0, and one running 4.3.
> > They are physically connected to the same hub (same segment)
> >
> > When running tcpdump or snort on the 4.0 box, I get traffic from a
> > variety of protocols
> >
> > However, when I run tcpdump or snort on the 4.0 box, I get traffic
> > from a variety of protocols, but no tcp protocol traffic. The only
> > time tcp protocol shows up is if I connect to the web server on the
> > 4.3 box from another machine.
>
>I assume you meant the 4.3 box in the above paragraph?
>
> > Strangest thing I've ever seen! Anyway, I thought it might have been
> > cause I did a minimal installation, and maybe something was disabled,
> > so I setup the box again with a full install of everything but X, and
> > the same thing is occurring. I then thought it was the network card,
> > but that can't be cause it is receiving tcp packets, but only those
> > destined for the machine, nothing else on the segment. Is there a
> > setting that causes it to only see its tcp packets (note: it is
> > seeing icmp/udp/arp packets from other sources)
> >
> > Does anyone know if there's something weird with 4.3 that would cause
> > this? I'm running the 4.3 iso image downloaded from freebsd. It
> > hasn't been modified at all, standard installation.
>
>I'm running the same release as a dedicated sniffer device on a PC (Intel
>EEPro 100B NIC), and an IBM Stinkpad w/3com 3c574-TX NIC. It works
>perfectly (as far as I can tell). Could this be a problem with your
>specific card/driver and its interaction with the TCPIP stack?
>
>--
>Matt Piechota
>Finger piechota@emailempire.com for PGP key
>AOL IM: cithaeron