Re: TCPDUMP Problem...
May this issue be related to a switched network? In a switched
network, no matter if you are listening in promiscuous mode, yo will
only see packets forwarded to your own mac address.
What's behind eth0?
Edu GV
On Sun, 30 Jan 2005 00:03:27 +0200, Alexandru Stefan-Voicu
<alex.voicu@nova.scieron.com> wrote:
>
> Hello !
>
> I have a problem with the tcpdump software... Hope anyone can help...
> So here's my problem:
>
> I have a router with two network adapters: eth0 and eth1 with ip
> forwarding enabled. The internet adapter is eth0, and the LAN adapter is
> eth1.
> I want to use tcpdump to see what packets are going through eth0, so I
> issue a "tcpdump -i eth0".
> All I can see is some arp who-has requests, and some DNS requests.
> If I try to ping a host from the router itself, nothing is shown, even if
> I try a "ping -I eth0 <host>"
> Also nothing shows up if I ping a host from a PC behind the router.
> If I try to see what packets are going through eth1, I issue a "tcpdump
> -i eth1 not port 22" (so I'm not flooded with ssh packets), and I can see
> ALL the traffic that goes in and out of eth1 (of course, except the SSH
> packets)
> Please tell me what do you need to see so you can help me with this ! I
> would have attached the firewall script and the sysctl.conf file, but I'm
> not sure that's the problem. I only fully drop ICMP echo requests in
> /proc/sys/net/ipv4/icmp_echo_ignore*
> Thank you in advance !
>
> --
> ---------------------------
> Alexandru Stefan-Voicu
> Catalyst Semiconductor INC.
> Device testing department
> ---------------------------
>
> --
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Reply to: