Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Aug 1998 18:03:26 +0200 (CEST)
From:      Malte Lance <malte.lance@gmx.net>
To:        Anderl <andreas.gaertner.gp@oen.siemens.de>
Cc:        freebsd-isdn@FreeBSD.ORG
Subject:   Re: tcpdump and isppp0
Message-ID:  <13788.18314.459008.114848@neuron.webmore.de>
In-Reply-To: <Pine.GSO.3.96.980820100654.12206k-200000@s71ee26>
References:  <Pine.GSO.3.96.980820100654.12206k-200000@s71ee26>

next in thread | previous in thread | raw e-mail | index | archive | help
Anderl writes:
 > Date: Thu, 20 Aug 1998 10:04:18 +0200 (MET DST)
 > From: Anderl <gax43544@egnetz.uebemc.siemens.de>
 > To: isdn-freebsd@freebsd.org
 > Subject: tcpdump and isppp0
 > 
 > 
 > hi folks,
 > 
 > i recently successfully configured my i4bv0.63/fritz!card to work together
 > with freebsd2.2.6.
 > now i wanted to check the traffic going over the interface using 'tcpdump
 > -i isppp0'. everything seemed fine. i started up the connection, put
 > tcpdump onto the interface to listen and did a ping to a remote site. i
 > stopped the ping and since then weird packets were wandering from the
 > remote site to my machine and vice versa and wouldn't stop. also inetd
 > showed traffic. when i then terminated tcpdump all grew quiet again.
 > connection was still up and no traffic went over the interface. so
 > something (i assume tcpdump) must effect or even generate traffic over
 > isppp0 even if there is none or supposed to be none. how can that be?
 > 
 > the attachment shows an extract of the problem given above. can you help?
 > 
 > any hints are highly appreciated, thanks in advance,


DNS-lookups ?

neuron:~# cat /etc/services | grep domain
domain           53/tcp    #Domain Name Server
domain           53/udp    #Domain Name Server
#                          identify "authentication domains"
neuron:~#

Try "tcpdump -f -N -n ..."

Maybe i did not get your problem at all.

Malte.

 > 
 > 
 > anderl
 > 19:35:12.123448 [|ip]
 > 19:35:12.138271 [|ip]
 > 19:35:12.146239 [|ip]
 > 19:35:12.164392 truncated-ip - 49159 bytes missing!3.4.192.35 > 5.6.43.115: (frag 256:49125@176) [tos 0x3] [ttl 1]
 > 19:35:12.164428 [|ip]
 > 19:35:12.184634 truncated-ip - 49163 bytes missing!3.4.192.35 > 5.6.43.115: (frag 257:49125@144) [tos 0x3] [ttl 1]
 > 19:35:12.184662 [|ip]
 > 19:35:13.180863 [|ip]
 > 19:35:13.197374 [|ip]
 > 19:35:13.197466 [|ip]
 > 19:35:13.349634 truncated-ip - 49158 bytes missing!99.111.109.101 > 32.116.111.32: (frag 515:49127@200) [tos 0x3]
 > 19:35:13.349725 [|ip]
 > 19:35:13.349732 kirk.muc.de.1036 > colin.muc.de.domain: 4553+ (41)
 > 19:35:13.361615 [|ip]
 > 19:35:13.361653 [|ip]
 > 19:35:13.366471 [|ip]
 > 19:35:13.376341 [|ip]
 > 19:35:13.376368 [|ip]
 > 19:35:13.392224 [|ip]
 > 19:35:13.392249 [|ip]
 > 19:35:17.341082 kirk.muc.de.1037 > colin.muc.de.domain: 4553+ (41)
 > 19:35:17.560082 58.17.201.66 > colin.muc.de: (frag 17664:-27@1240) [tos 0x3]
...

 > 19:35:29.251388 kirk.muc.de.1057 > colin.muc.de.domain: 4572+ (44)
 > 19:35:32.505004 58.17.200.71 > colin.muc.de: (frag 17664:-27@1264) [tos 0x3]
 > 19:35:32.506309 kirk.muc.de.nim > colin.muc.de.domain: 4573+ (44)
 > 19:35:32.807456 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isdn" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13788.18314.459008.114848>