From owner-freebsd-isdn Thu Aug 20 09:19:46 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA04892 for freebsd-isdn-outgoing; Thu, 20 Aug 1998 09:19:46 -0700 (PDT) (envelope-from owner-freebsd-isdn@FreeBSD.ORG) Received: from cyclone.degnet.baynet.de (www.degnet.baynet.de [194.95.214.129]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id JAA04827 for ; Thu, 20 Aug 1998 09:19:32 -0700 (PDT) (envelope-from malte.lance@gmx.net) Received: from neuron.webmore.de (unverified [194.95.214.181]) by cyclone.degnet.baynet.de (EMWAC SMTPRS 0.83) with SMTP id ; Thu, 20 Aug 1998 18:19:32 +0200 Received: (from malte.lance@gmx.net) by neuron.webmore.de (8.8.8/8.8.8) id SAA03397; Thu, 20 Aug 1998 18:03:26 +0200 (CEST) From: Malte Lance MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Thu, 20 Aug 1998 18:03:26 +0200 (CEST) To: Anderl Cc: freebsd-isdn@FreeBSD.ORG Subject: Re: tcpdump and isppp0 In-Reply-To: References: X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <13788.18314.459008.114848@neuron.webmore.de> Reply-To: malte.lance@gmx.net Sender: owner-freebsd-isdn@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Anderl writes: > Date: Thu, 20 Aug 1998 10:04:18 +0200 (MET DST) > From: Anderl > To: isdn-freebsd@freebsd.org > Subject: tcpdump and isppp0 > > > hi folks, > > i recently successfully configured my i4bv0.63/fritz!card to work together > with freebsd2.2.6. > now i wanted to check the traffic going over the interface using 'tcpdump > -i isppp0'. everything seemed fine. i started up the connection, put > tcpdump onto the interface to listen and did a ping to a remote site. i > stopped the ping and since then weird packets were wandering from the > remote site to my machine and vice versa and wouldn't stop. also inetd > showed traffic. when i then terminated tcpdump all grew quiet again. > connection was still up and no traffic went over the interface. so > something (i assume tcpdump) must effect or even generate traffic over > isppp0 even if there is none or supposed to be none. how can that be? > > the attachment shows an extract of the problem given above. can you help? > > any hints are highly appreciated, thanks in advance, DNS-lookups ? neuron:~# cat /etc/services | grep domain domain 53/tcp #Domain Name Server domain 53/udp #Domain Name Server # identify "authentication domains" neuron:~# Try "tcpdump -f -N -n ..." Maybe i did not get your problem at all. Malte. > > > anderl > 19:35:12.123448 [|ip] > 19:35:12.138271 [|ip] > 19:35:12.146239 [|ip] > 19:35:12.164392 truncated-ip - 49159 bytes missing!3.4.192.35 > 5.6.43.115: (frag 256:49125@176) [tos 0x3] [ttl 1] > 19:35:12.164428 [|ip] > 19:35:12.184634 truncated-ip - 49163 bytes missing!3.4.192.35 > 5.6.43.115: (frag 257:49125@144) [tos 0x3] [ttl 1] > 19:35:12.184662 [|ip] > 19:35:13.180863 [|ip] > 19:35:13.197374 [|ip] > 19:35:13.197466 [|ip] > 19:35:13.349634 truncated-ip - 49158 bytes missing!99.111.109.101 > 32.116.111.32: (frag 515:49127@200) [tos 0x3] > 19:35:13.349725 [|ip] > 19:35:13.349732 kirk.muc.de.1036 > colin.muc.de.domain: 4553+ (41) > 19:35:13.361615 [|ip] > 19:35:13.361653 [|ip] > 19:35:13.366471 [|ip] > 19:35:13.376341 [|ip] > 19:35:13.376368 [|ip] > 19:35:13.392224 [|ip] > 19:35:13.392249 [|ip] > 19:35:17.341082 kirk.muc.de.1037 > colin.muc.de.domain: 4553+ (41) > 19:35:17.560082 58.17.201.66 > colin.muc.de: (frag 17664:-27@1240) [tos 0x3] ... > 19:35:29.251388 kirk.muc.de.1057 > colin.muc.de.domain: 4572+ (44) > 19:35:32.505004 58.17.200.71 > colin.muc.de: (frag 17664:-27@1264) [tos 0x3] > 19:35:32.506309 kirk.muc.de.nim > colin.muc.de.domain: 4573+ (44) > 19:35:32.807456 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isdn" in the body of the message