Re: TCPDUMP Problem...
Alexandru Stefan-Voicu said:
> No, there's no switched network. Eth0 is the network adapter tied to the
> internet cable modem, behind eth0 is a Linux router, which also has an
> eth1 internal interface. So "behind" eth0 is eth1 and linked tot that is a
> Windows 2000 workstation.
> I think it's a bug in the tcpdump code, because I used iptraf to monitor
> eth0 and I am able to see all incoming packets (external ssh to my router,
> mail sent to my router, etc).
> Thank you for your reply !
Are you using the -p switch to tcpdump? That will take it out of
permiscuous mode, and you'll only see traffic destined for the box, not
forwarded traffic. Perhaps the nic doesn't support promisc mode? You
could try "ifconfig eth0 promisc" before running tcpdump.