From owner-freebsd-net Mon Aug 6 6:45:47 2001 Delivered-To: freebsd-net@freebsd.org Received: from yamato.ccrle.nec.de (yamato.ccrle.nec.de [195.37.70.1]) by hub.freebsd.org (Postfix) with ESMTP id 924F737B403 for ; Mon, 6 Aug 2001 06:45:43 -0700 (PDT) (envelope-from Martin.Stiemerling@ccrle.nec.de) Received: from citadel.mobility.ccrle.nec.de ([192.168.156.1]) by yamato.ccrle.nec.de (8.11.3/8.10.1) with ESMTP id f76DjkI86847; Mon, 6 Aug 2001 15:45:46 +0200 (CEST) Received: by citadel.mobility.ccrle.nec.de (Postfix on SuSE eMail Server 2.0, from userid 30) id 0212EC08C; Mon, 6 Aug 2001 15:36:27 +0200 (CEST) To: Henry Whincup Subject: Re: BPF does not pick up loopback activity Message-ID: <997104987.3b6e9d5bde17f@citadel.mobility.ccrle.nec.de> Date: Mon, 06 Aug 2001 15:36:27 +0200 (CEST) From: Martin.Stiemerling@ccrle.nec.de Cc: "freebsd-net@freebsd.org" References: <20010806140314.O37365-100000@localhost> In-Reply-To: <20010806140314.O37365-100000@localhost> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit User-Agent: IMP/PHP IMAP webmail program 2.2.3 X-Originating-IP: 192.168.102.83 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, to see the packets to 192.168.2.1 you have to specify the interface lo0, because it's your own address. Packets to this address aren't send to fxp0. So use: tcpdump -ni lo0 Martin > Take the following example: > # ifconfig fxp0 > fxp0: flags=8843 mtu 1500 > inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255 > ether 00:90:27:94:84:34 > media: Ethernet autoselect (100baseTX ) > status: active > # tcpdump -ni fxp0 & > # ping 192.168.2.1 > PING 192.168.2.1 (192.168.2.1): 56 data bytes > 64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=0.059 ms > 64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.057 ms > ^C > --- 192.168.2.1 ping statistics --- > 2 packets transmitted, 2 packets received, 0% packet loss > round-trip min/avg/max/stddev = 0.057/0.058/0.059/0.001 ms > # ping 192.168.2.2 > PING 192.168.2.2 (192.168.2.2): 56 data bytes > 64 bytes from 192.168.2.2: icmp_seq=0 ttl=255 time=3.134 ms > 14:33:23.291728 arp who-has 192.168.2.2 tell 192.168.2.1 > 14:33:23.293210 arp reply 192.168.2.2 is-at 0:d0:ba:a:91:c0 > 14:33:23.293227 192.168.2.1 > 192.168.2.2: icmp: echo request > 14:33:23.294782 192.168.2.2 > 192.168.2.1: icmp: echo reply > 64 bytes from 192.168.2.2: icmp_seq=1 ttl=255 time=1.408 ms > 14:33:24.297997 192.168.2.1 > 192.168.2.2: icmp: echo request > 14:33:24.299352 192.168.2.2 > 192.168.2.1: icmp: echo reply > ^C > --- 192.168.2.2 ping statistics --- > 2 packets transmitted, 2 packets received, 0% packet loss > round-trip min/avg/max/stddev = 1.408/2.271/3.134/0.863 ms > # > > Note that the packets sent to the local IP address are not picked up by > tcpdump. This can be tried with any traffic type, I have just used > ping > as an example. > > Is this the correct/desired behaviour? If it is, is there any other > way > to capture these packets? > > Thanks > > Henry > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message