From owner-freebsd-questions@FreeBSD.ORG Thu Mar 27 21:48:14 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CA98B106564A for ; Thu, 27 Mar 2008 21:48:14 +0000 (UTC) (envelope-from universe@truemetal.org) Received: from mail2.lightupnet.de (mail2.lightupnet.de [217.172.32.6]) by mx1.freebsd.org (Postfix) with ESMTP id 188678FC21 for ; Thu, 27 Mar 2008 21:48:13 +0000 (UTC) (envelope-from universe@truemetal.org) Received: (qmail 85089 invoked from network); 27 Mar 2008 21:48:12 -0000 Received: by simscan 1.1.0 ppid: 85029, pid: 85072, t: 6.6950s scanners: clamav: 0.92.1 /m: 45 spam: 3.2.3 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on ffm04.sv.lightup.net X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=AWL,BAYES_00,RCVD_IN_PBL, RCVD_IN_SORBS_DUL,RCVD_IN_XBL autolearn=no version=3.2.3 Received: from f053144150.adsl.alicedsl.de (HELO pc2.mystic.org) (postmaster%truemetal.org@78.53.144.150) by mail2.lightupnet.de with AES256-SHA encrypted SMTP; 27 Mar 2008 21:48:05 -0000 Date: Thu, 27 Mar 2008 22:47:37 +0100 From: Markus To: freebsd-questions@freebsd.org Message-Id: <20080327224737.6c2e7582.universe@truemetal.org> In-Reply-To: <20080326000141.7b450699.universe@truemetal.org> References: <20080326000141.7b450699.universe@truemetal.org> X-Mailer: Sylpheed version 1.0.6 (GTK+ 1.2.10; i386-portbld-freebsd4.11) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: tcpdump stopped working / changes to pcap since 5.2.1-RELEASE? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Mar 2008 21:48:14 -0000 On Wed, 26 Mar 2008 00:01:41 +0100 Markus wrote: > Were there any changes to tcpdump, the em driver, pcap or another part > of the OS in recent history which could lead to such a behavior? > Again, regular packets on any em-interface we can collect just fine, > just the packets coming in through the monitoring port are being > "ignored"... Reply to myself, for the archives: the issue was resolved. While before and including 5.2.1-RELEASE (and possibly in later releases as well, but NOT in 6.3-RELEASE and 7.0-RELEASE) tcpdump displayed simply ALL packets, regardless whether those packets were VLAN tagged or not, coming in on the specific interface(s) (em(4)), i.e. tcpdump -n -i em3 host a.b.c.d it now (in 6.3-RELEASE and 7.0-RELEASE) requires explicitly the following statement to display VLAN tagged traffic: tcpdump -n -i em3 vlan and host a.b.c.d Or in other words: add "vlan" to the tcpdump expression and it works just fine. Before the latest few releases this wasn't necessary for VLAN tagged packets. Regards Markus