From: David DeSimone
To: freebsd-pf@freebsd.org
Date: Thu, 1 May 2008 21:32:23 -0500
Subject: Re: a buildworld yields tcpdump oddness

Drav Sloan wrote:
>
> tcpdump: WARNING: pflog0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68 bytes
> 000000 rule 6/0(match): block in on re0: [|ip]
> 000058 rule 6/0(match): block in on re0: [|ip]

When you see the [|xxx] syntax in tcpdump, that is its way of telling
you that the packet you captured is truncated, and it cannot show you
more information unless you capture a longer packet.

With recent changes to PF, the default capture size (68 bytes as seen
above) is insufficient.

Try adding "-s128" to capture more of the packets and you should see an
improvement.

--
David DeSimone == Network Admin == fox@verio.net
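An added example, not part of the original message: a small checker for a classic pcap file saved with `tcpdump -w`, which reads the snaplen from the file header and counts the records whose captured length is shorter than their on-wire length, i.e. the packets cut by the capture size. The function names and the sample packet lengths are constructed for illustration.

```python
import io
import struct

LINKTYPE_PFLOG = 117  # link-type value for PFLOG in pcap file headers

def truncation_report(stream):
    """Summarise how many records in a classic pcap stream were cut by the snaplen."""
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("not a pcap file: global header too short")
    magic = header[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian writer
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian writer
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    snaplen, linktype = struct.unpack(endian + "II", header[16:24])
    total = truncated = longest = 0
    while True:
        rec = stream.read(16)
        if not rec:
            break
        if len(rec) < 16:
            raise ValueError("file ends inside a record header")
        # Record header: ts_sec, ts_frac, captured length, original (on-wire) length
        _, _, caplen, origlen = struct.unpack(endian + "IIII", rec)
        if len(stream.read(caplen)) < caplen:
            raise ValueError("file ends inside packet data")
        total += 1
        longest = max(longest, origlen)
        if caplen < origlen:
            truncated += 1
    return {"snaplen": snaplen, "linktype": linktype, "packets": total,
            "truncated": truncated, "longest_on_wire": longest}

def build_sample(snaplen, wire_lengths):
    """Constructed test data: a little-endian pcap whose records hold zero bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_PFLOG)
    for n in wire_lengths:
        caplen = min(n, snaplen)
        out += struct.pack("<IIII", 0, 0, caplen, n) + bytes(caplen)
    return io.BytesIO(out)

if __name__ == "__main__":
    for snap in (68, 128):  # the default from the quoted output, then the suggested -s128
        print(snap, truncation_report(build_sample(snap, [100, 112, 60])))
```

A non-zero `truncated` count means the capture should be repeated with a larger `-s` value; `longest_on_wire` shows how large it would need to be to hold every packet seen.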