Date: Mon, 14 Sep 2009 21:23:30 +0200 (CEST) From: sthaug@nethelp.no To: edwarddean3@gmail.com Cc: freebsd-net@freebsd.org Subject: Re: bpf issues Message-ID: <20090914.212330.74729619.sthaug@nethelp.no> In-Reply-To: <d8a11c3b0909141040o5a3d7f81t79525485bfe8a9ad@mail.gmail.com> References: <d8a11c3b0909141040o5a3d7f81t79525485bfe8a9ad@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> I hope this is the appropriate list. I am having issues using BPFs to > filter out traffic captures. If I want to block a specific host by IP, the > traffic is still recorded. I tried tcpdump and get the same results. > > Am I missing something? Does your igb2 interface use VLAN encapsulation? If it does, you won't see it in the tcpdump output unless you use -e, but you still need to specify it together with your IP based filters - or tcpdump will apply the wrong (off by 4 bytes) offset. E.g. "tcpdump -nt -r tcpdump.pcap vlan and host 10.100.66.31" Steinar Haug, Nethelp consulting, sthaug@nethelp.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090914.212330.74729619.sthaug>