
tcpdump bug???



Hello,

Anyone else agree that there is a bug in tcpdump here?

snoopy:~# tcpdump -i ppp0 -e
tcpdump: listening on ppp0
12:26:39.696219 ip: 202.12.87.129 > 203.12.236.226: icmp: echo request
12:26:39.842301 ip: 203.12.236.226 > 192.168.87.134: icmp: echo reply
12:26:40.694174 ip: 202.12.87.129 > 203.12.236.226: icmp: echo request
12:26:40.832367 ip: 203.12.236.226 > 192.168.87.134: icmp: echo reply

I am trying to get masquerading working with 2.4.0test10.

According to this tcpdump, the packet is getting sent from the
masqueraded address OK, but the reply goes back to the private
address.

So either:

1. masquerading doesn't work (probably my fault), and tcpdump is
showing the wrong source address. This could also be a kernel bug, but
I am skeptical (doesn't the kernel pass the raw data directly to
tcpdump?).

2. the remote host determines the real IP address via ESP and uses
that instead of the correct address.

Note: I get similar results for TCP as well as ICMP.
-- 
Brian May <bam@debian.org>
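
Added example, not part of the original post: a Python check that reads tcpdump output in the format quoted above, pairs each ICMP echo reply with the oldest unanswered request to the same remote host, and reports replies whose destination differs from the request's source. The function name is hypothetical, and pairing by host and order is an assumption, since this output shows no ICMP id/seq.

```python
import re

# Line format as printed in the post:
# "12:26:39.696219 ip: SRC > DST: icmp: echo request"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+ip:\s+"
    r"(?P<src>\d+(?:\.\d+){3})\s+>\s+(?P<dst>\d+(?:\.\d+){3}):\s+"
    r"icmp:\s+echo\s+(?P<kind>request|reply)\s*$"
)

# The capture lines quoted in the post, including the banner line.
CAPTURE = """\
tcpdump: listening on ppp0
12:26:39.696219 ip: 202.12.87.129 > 203.12.236.226: icmp: echo request
12:26:39.842301 ip: 203.12.236.226 > 192.168.87.134: icmp: echo reply
12:26:40.694174 ip: 202.12.87.129 > 203.12.236.226: icmp: echo request
12:26:40.832367 ip: 203.12.236.226 > 192.168.87.134: icmp: echo reply
"""


def find_address_mismatches(text):
    """Return one record per echo reply whose destination address is not
    the source address of the request it answers."""
    pending = {}      # remote host -> [(timestamp, local source)] awaiting a reply
    mismatches = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner lines, other protocols
        if m["kind"] == "request":
            pending.setdefault(m["dst"], []).append((m["ts"], m["src"]))
            continue
        queue = pending.get(m["src"])
        if not queue:
            continue  # reply without a request in this capture
        req_ts, req_src = queue.pop(0)  # assumption: replies arrive in order
        if m["dst"] != req_src:
            mismatches.append({
                "remote": m["src"],
                "request_ts": req_ts,
                "request_src": req_src,
                "reply_ts": m["ts"],
                "reply_dst": m["dst"],
            })
    return mismatches


if __name__ == "__main__":
    for rec in find_address_mismatches(CAPTURE):
        print("%(remote)s: request from %(request_src)s at %(request_ts)s, "
              "reply to %(reply_dst)s at %(reply_ts)s" % rec)
```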


