From owner-freebsd-questions Wed Apr 10 01:11:25 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id BAA09166 for questions-outgoing; Wed, 10 Apr 1996 01:11:25 -0700 (PDT) Received: from nixpbe.pdb.sni.de (mail.sni.de [192.109.2.33]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id BAA09161 for ; Wed, 10 Apr 1996 01:11:15 -0700 (PDT) Received: (from nerv@localhost) by nixpbe.pdb.sni.de (8.6.12/8.6.12) id KAA12332 for freebsd-questions@FreeBSD.org; Wed, 10 Apr 1996 10:06:42 +0200 Message-Id: <199604100806.KAA12332@nixpbe.pdb.sni.de> Subject: Re: Violently pulling out my hair To: branson@longstreet.larc.nasa.gov (Branson Matheson) Date: Wed, 10 Apr 96 10:07:25 MET DST From: Greg Lehey Cc: freebsd-questions@FreeBSD.org In-Reply-To: <199604081558.LAA02702@longstreet.larc.nasa.gov>; from "Branson Matheson" at Apr 8, 96 11:58 am X-Mailer: xmail 2.4 (based on ELM 2.2 PL16) Sender: owner-questions@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk > > Ok... tcpdump manpage gently describes the wonderful way to montior > packets from an ethernet address as follows: > > ether host ehost > True if either the ethernet source or destination address is > ehost. > > So I tried: > > root@garion > tcpdump ether host gw.hq.ferg.com > tcpdump: only ethernet/FDDI supports link-level host name > > Grrr... > > OK.. there IS an entry in my ethers file.. looks like: > > 08:0:3e:0:24:f3 gw.hq.ferg.com > > Allright so next i tried... > > branson@garion #tcpdump ether host 08:00:09:d4:65:ff > tcpdump: ethernet address used in non-ether expression > > This is really frustrating.. can any one help? This looks to me like tcpdump is going for the wrong interface. The message tells you that you can only use this option on an Ethernet or FDDI interface. Assuming that you are really trying to trace an Ethernet interface (say, ed0), try: tcpdump -i ed0 ether host 08:00:09:d4:65:ff If that doesn't work, try tcpdump -i ed0 host gw.hq.ferg.com This should definitely work. If not, let me know the error messages. An output from netstat -i would also help. Greg