Date: Tue, 14 Dec 2004 11:28:11 -0800 From: John-Mark Gurney <gurney_j@resnet.uoregon.edu> To: Axel Gonzalez <loox@e-shell.net> Cc: freebsd-amd64@freebsd.org Subject: Re: tcpdump port xx bug ? - only happens on interface connected to pppoe Message-ID: <20041214192811.GW19624@funkthat.com> In-Reply-To: <200412140148.43099.loox@e-shell.net> References: <200412132302.50539.loox@e-shell.net> <20041214000810.1472b6a5@dolphin.local.net> <200412140148.43099.loox@e-shell.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Axel Gonzalez wrote this message on Tue, Dec 14, 2004 at 01:48 -0600: > Ok, found the 'bug'.. maybe it helps someone ;) > > It only happens on the interface connected to DSL modem > > note the: > tcpdump: WARNING: rl0: no IPv4 address assigned > > when accessing the interface rl0 and specify a port, it can't capture packets, > but it can capture packets with no problems on tun0 (tun0 is the interface > that actually has the ip) > > still is weird how it can capture packages when no port is specified, but then > maybe its the way its suposed to be :) > > On Tuesday 14 December 2004 00:08, Conrad J. Sabatier wrote: > > On Mon, 13 Dec 2004 23:02:50 -0600, Axel Gonzalez <loox@e-shell.net> wrote: > > > is anyone able to confirm or deny this (before a PR is filled)? > > > > > > # tcpdump port xx > > > > > > doesnt seem to work: > > > > > > su-2.05b# tcpdump port http > > > tcpdump: WARNING: rl0: no IPv4 address assigned > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol > > > decode listening on rl0, link-type EN10MB (Ethernet), capture size 68 > > > bytes ^C > > > 0 packets captured > > > 503 packets received by filter > > > 0 packets dropped by kernel > > > > > > > > > if no port is specified, it works fine: > > > > > > su-2.05b# tcpdump | grep freeb > > > tcpdump: WARNING: rl0: no IPv4 address assigned > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol > > > decode listening on rl0, link-type EN10MB (Ethernet), capture size 68 > > > bytes 22:57:30.768184 PPPoE [ses 0xc744] IP ^^^^^^^^^^^^^^^^^^^ > > > xxxx.prod-infinitum.com.mx.55842 > www.freebsd.org.http: S > > > 564552288:564552288(0) win 65535 <mss 1440,nop,[| tcp]> > > > 22:57:30.843127 PPPoE [ses 0xc744] IP www.freebsd.org.http > ^^^^^^^^^^^^^^^^^^^ > > > xxx.prod-infinitum.com.mx.55842: S 3276387435:3276387435(0) ack 564552289 > > > win 57344 <mss 1460,nop,[|tcp]> You'd need to ping the tcpdump developers about the exact meaning of port... I believe the port command only looks at unecapsulated frames, which is what is happening here... The compiler is probably just checking for the rules when the tcp/udp packet is unencapsulated, probably because it'd be very difficult to auto handle packets inside encapsulation.. So, this is probably a design decision... :) -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041214192811.GW19624>