Date: Mon, 10 Jul 2000 09:31:51 +0200 (CEST)
From: Paul Herman
To: "Michael S. Fischer"
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: bpf problem with lo0 interface

On Sun, 9 Jul 2000, Michael S. Fischer wrote:

> Running 4.0-STABLE, I seem to be having difficulty getting any of the packet
> capture/analysis tools (with the exception of tcpdump, which prints the
> headers correctly) to give me packet _data_ information when I sniff the lo0
> interface.

I don't know about tcpflow, but tcpshow doesn't handle NULL layer links
(lo0, tun0, etc...). In fact, I think it only handles ethernet type link
layers. Sorry, you are stuck with 'tcpdump -x'.

For what it's worth, I wrote a program to print packets for just this
reason. It is 'packetdump' and is hidden in:

http://www.frenchfries.net/paul/tcpstat/tcpstat-1.3pre.tar.gz

(after compiling it is in the src/ directory.) The output may not be as
tcpshow yet, but it gets the job done.

-Paul.
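An added example, not part of the original message and not code from tcpshow or packetdump: how a capture tool can locate the IPv4 header on both NULL-layer links (lo0, tun0) and Ethernet, rather than assuming a 14-byte Ethernet header. The function name ipv4_offset and the sample frames are constructed for illustration; only IPv4 is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DLT_NULL      0   /* BSD loopback encapsulation: lo0, tun0 */
#define DLT_EN10MB    1   /* Ethernet */
#define AF_INET_VALUE 2u  /* AF_INET is 2 on the BSDs */
/* Constructed frames: link header followed by a zeroed 20-byte IPv4 header. */
static const uint8_t lo0_le[24] = { 0x02, 0x00, 0x00, 0x00, 0x45 };
static const uint8_t lo0_be[24] = { 0x00, 0x00, 0x00, 0x02, 0x45 };
static const uint8_t ether[34]  = { [12] = 0x08, [13] = 0x00, [14] = 0x45 };

static uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Offset of the IPv4 header in a captured frame, or -1 if it cannot be found. */
int ipv4_offset(int linktype, const uint8_t *frame, size_t caplen)
{
    uint32_t family;
    size_t off;
    if (linktype == DLT_NULL) {
        /* 4-byte address family, in the byte order of the capturing host */
        if (caplen < 4)
            return -1;
        memcpy(&family, frame, sizeof(family));
        if (family != AF_INET_VALUE && swap32(family) != AF_INET_VALUE)
            return -1;
        off = 4;
    } else if (linktype == DLT_EN10MB) {
        /* 6-byte destination, 6-byte source, 2-byte EtherType (0x0800 = IPv4) */
        if (caplen < 14 || frame[12] != 0x08 || frame[13] != 0x00)
            return -1;
        off = 14;
    } else {
        return -1;
    }
    /* Require a full minimal IPv4 header with version nibble 4. */
    if (caplen < off + 20 || (frame[off] >> 4) != 4)
        return -1;
    return (int)off;
}

int main(void)
{
    printf("lo0 as DLT_NULL:   %d\n", ipv4_offset(DLT_NULL, lo0_le, sizeof(lo0_le)));
    printf("lo0 as DLT_EN10MB: %d\n", ipv4_offset(DLT_EN10MB, lo0_le, sizeof(lo0_le)));
    return 0;
}
```

A frame from lo0 decoded as Ethernet is rejected instead of being printed from the wrong offset, and a short capture (snaplen cutting into the header) is rejected as well.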