Date: Wed, 26 Mar 2008 00:01:41 +0100
From: Markus <universe@truemetal.org>
To: freebsd-questions@freebsd.org
Subject: tcpdump stopped working / changes to pcap since 5.2.1-RELEASE?
Message-ID: <20080326000141.7b450699.universe@truemetal.org>

Hello,

we've had a FreeBSD 5.2.1-RELEASE machine with four Intel 100/1000 NICs (em(4)). The monitoring port of our HP 4140gl switch was hooked up to one of the four NICs. This has allowed us to do traffic accounting and detect network problems by utilizing tcpdump.

We've recently upgraded the machine, first to FreeBSD 6.3, afterwards to FreeBSD 7.0. In both versions, commands like

tcpdump -n -i em3 host 217.172.x.y

(em3 is the NIC that goes to the 4140gl monitoring port) don't produce any output anymore.

In general, tcpdump does work, as through a normal non-monitoring port at e.g. em0, all tcpdump commands (host xyz, net xyz, arp etc.) work as expected and produce the appropriate results.

If tcpdump is invoked without any arguments (tcpdump -n -i em3), it shows all packets coming in through the monitoring port; however, as soon as we try to filter by specific tcpdump expressions, it doesn't show any results.

Were there any changes to tcpdump, the em driver, pcap or another part of the OS in recent history which could lead to such behavior? Again, regular packets on any em interface we can collect just fine; just the packets coming in through the monitoring port are being "ignored"...

Any advice?

Thanks
Markus

$ ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:e0:81:62:1c:7a
        inet 217.172.a.b netmask 0xffffff00 broadcast 217.172.a.c
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active

$ ifconfig em3
em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:e0:81:62:1c:7b
        inet 192.168.200.2 netmask 0xffffff00 broadcast 192.168.200.255
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active