From owner-freebsd-questions Thu Dec 17 11:19:09 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA03509 for freebsd-questions-outgoing; Thu, 17 Dec 1998 11:19:09 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from stennis.ca.sandia.gov (stennis.ca.sandia.gov [146.246.243.44]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA03504 for ; Thu, 17 Dec 1998 11:19:07 -0800 (PST) (envelope-from bmah@stennis.ca.sandia.gov) Received: (from bmah@localhost) by stennis.ca.sandia.gov (8.9.1/8.9.1) id LAA07089; Thu, 17 Dec 1998 11:17:55 -0800 (PST) Message-ID: <19981217111754.B6828@ca.sandia.gov> Date: Thu, 17 Dec 1998 11:17:55 -0800 From: "Bruce A. Mah" To: "Singh, Hardeep IN" Cc: bmah@ca.sandia.gov, FreeBSD Subject: Re: Tcpdump strange problem References: <199812111958.TAA18221@eamail1.unisys.com> Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-md5; boundary=huq684BweRXVnRxX X-Mailer: Mutt 0.93i In-Reply-To: <199812111958.TAA18221@eamail1.unisys.com>; from Singh, Hardeep IN on Sat, Dec 12, 1998 at 01:24:00AM -0600 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --huq684BweRXVnRxX Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable I haven't seen anyone reply to this mail yet, despite this being several days later, so I'll take a shot: On Sat, Dec 12, 1998 at 01:24:00AM -0600, Singh, Hardeep IN wrote: > 3.I have installed tcpdump and trafshow on my machine. > Now when i run tcpdump or trafshow the following happens >=20 > 1.All packets directed to and from my host are shown > 2.All packets for broadcast and multicast are shown e.g arp request and a= rp > replies > 3.When I invoke tcpdump for viewing packets on some host celtics e.g > >tcpdump -n host celtics > The reply is as >>>> > Dec 11 21:56:11 Myhost /kernel: de0: promiscuous mode enabled > tcpdump:listening on de0 > /** > Only > arp packets for celtics are visible > **/ > ^C /* Aborting operation */ Is it possible that your machine being used for packet capturing is attached to an Ethernet switch? That would produce results consistent with what you're seeing. An Ethernet switch will (unless configured otherwise) only pass the packets destined for your machine's Ethernet address, or broadcast or multicast packets. If that's the case, promiscuous mode on the network interface won't do you any good, since the frames not addressed to your machine won't make it as far as its network interface anyways. Bruce. --huq684BweRXVnRxX Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNnlY4ajOOi0j7CY9AQGaCQP/U3O4iLNkwbud2nEMpXcqxiP3EnIOUsS+ DwaDJxq59XO1F1sqzolJYhnb41jErYghgTfGmH0gfpe2gHCKKvbyYX5QPrux8qRj 6BOiyuJF7+qWNWHGu5VsDFfEEKQ/nQJHROAUeFnNQL+ShSaGlhgMgQGrW+qV6ryo cukDOc93jUU= =3hsl -----END PGP SIGNATURE----- --huq684BweRXVnRxX-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message