From owner-freebsd-security Wed Nov 8 2: 4:52 2000 Delivered-To: freebsd-security@freebsd.org Received: from gwdu60.gwdg.de (gwdu60.gwdg.de [134.76.98.60]) by hub.freebsd.org (Postfix) with ESMTP id 7EECB37B479; Wed, 8 Nov 2000 02:04:44 -0800 (PST) Received: from localhost (kheuer@localhost) by gwdu60.gwdg.de (8.9.3/8.9.3) with ESMTP id LAA05953; Wed, 8 Nov 2000 11:04:42 +0100 (CET) (envelope-from kheuer@gwdu60.gwdg.de) Date: Wed, 8 Nov 2000 11:04:42 +0100 (CET) From: Konrad Heuer To: Kris Kennaway Cc: freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: TCPDUMP patch v1.1 and AppleTalk In-Reply-To: <20001107223959.B41350@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 7 Nov 2000, Kris Kennaway wrote: > On Tue, Nov 07, 2000 at 01:56:21PM +0100, Konrad Heuer wrote: > > > After patching and installing, tcpdump can't be used anymore since it puts > > very heavy load onto the network via xl0 and AppleTalk broadcast messages > > (one message each 0.2 ms). Sorry, in the moment I don't know more details > > ... > > tcpdump shouldn't be sending any appletalk packets, I thought (I may > be wrong, never used it on an appletalk network). Are you sure this is > the problem? > > Kris > Well, I don't know exactly what happens but I seems to be more complex than I thought first. It doesn't happen each time I start tcpdump but when some circumstances meet which I don't know my FreeBSD host begins to flood the network with AppelTalk broadcast requests as long as tcpdump keeps running. Killing tcpdump kills this flooding, too. I've never observed such a situation before I applied the last patch, and I use tcpdump frequently to analyze the one or other problem. On the other hand, our network environment isn't static, of course, and I can't be sure about other things that may have been changed from day to day. Konrad To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message