Date: Tue, 6 Feb 2018 22:10:24 +0000
From: David Athay <davida@truespeed.com>
To: Eugene Grosbein <eugen@grosbein.net>
Cc: freebsd-net@freebsd.org
Subject: Re: tcpdump filter not functioning correctly with igb on FreeBSD 11.1
Message-ID: <293C7809-A1AE-4040-8963-F9A6802CB898@truespeed.com>
In-Reply-To: <5A7A24DC.0@grosbein.net>
References: <95AA0EAB-B3D6-4E68-83B2-914894D6FB90@truespeed.com> <5A7A1657.4050706@grosbein.net> <E149211C-9207-4162-950D-1BA788AA3A5F@truespeed.com> <5A7A19DD.6050400@grosbein.net> <64C4AA32-5A49-4D6F-B7A7-93CDB0E59F09@truespeed.com> <5A7A24DC.0@grosbein.net>

# /usr/local/sbin/tcpdump --version
tcpdump version 4.9.0
libpcap version 1.8.1
OpenSSL 1.0.2n-freebsd 7 Dec 2017

Still same weirdness.

# /usr/local/sbin/tcpdump -ni igb0 not port 22 | less
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:03:28.941870 IP X.X.X.X.22 > 77.100.156.Y.52743: Flags [P.], seq 417632730:417632918, ack 196056259, win 1026, options [nop,nop,TS val 602028380 ecr 730520401], length 188
22:03:28.969328 IP 77.100.156.Y.52743 > X.X.X.X.22: Flags [.], ack 0, win 4093, options [nop,nop,TS val 730520446 ecr 602028380], length 0
22:03:28.969342 IP 77.100.156.Y.52743 > X.X.X.X.22: Flags [.], ack 188, win 4090, options [nop,nop,TS val 730520447 ecr 602028380], length 0

# /usr/local/sbin/tcpdump -ni igb0 not host 77.100.156.Y | less
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:05:58.807570 IP X.X.X.X.22 > 77.100.156.Y.52743: Flags [P.], seq 418507510:418507698, ack 196060707, win 1026, options [nop,nop,TS val 602178246 ecr 730669128], length 188
22:05:58.831887 IP 77.100.156.Y.52743 > X.X.X.X.22: Flags [.], ack 0, win 4093, options [nop,nop,TS val 730669159 ecr 602178246], length 0
22:05:58.838645 IP 77.100.156.Y.52743 > X.X.X.X.22: Flags [.], ack 188, win 4090, options [nop,nop,TS val 730669159 ecr 602178246], length 0

# /usr/local/sbin/tcpdump -ni igb0 host 77.100.156.Y
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
140 packets received by filter
0 packets dropped by kernel

—
David Athay
Senior DevOps Engineer
TrueSpeed Communications Ltd.

> On 6 Feb 2018, at 21:57, Eugene Grosbein <eugen@grosbein.net> wrote:
>
> 07.02.2018 4:33, David Athay wrote:
>> Same issue with tcpdump from ports, looks like it's at the same version.
>>
>> $ which tcpdump
>> /usr/sbin/tcpdump
>>
>> $ /usr/sbin/tcpdump --version
>> tcpdump version 4.9.2
>> libpcap version 1.8.1
>> OpenSSL 1.0.2n-freebsd 7 Dec 2017
>>
>> $ /usr/local/sbin/tcpdump --version
>> tcpdump version 4.9.2
>> libpcap version 1.8.1
>> OpenSSL 1.0.2n-freebsd 7 Dec 2017
>>
>> Ports version is using libpcap from ports too.
>
> Please deinstall ports' version of tcpdump, fetch previous one:
>
> fetch http://pkg.freebsd.org/FreeBSD:11:amd64/release_1/All/tcpdump-4.9.0.txz
> pkg install -U tcpdump-4.9.0.txz
>
> And re-try with /usr/local/sbin/tcpdump of that version.