Ethereal-users: Re: [Ethereal-users] tethereal filters on one adapter, not on another

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Paul Wozney <paulwozney@xxxxxxxxx>
Date: Mon, 29 Nov 2004 14:05:32 -0800
Whoops, I haven't been copying the list on this.  My apologies, here's
an update.


On Mon, 29 Nov 2004 12:33:32 -0800, Paul Wozney <paulwozney@xxxxxxxxx> wrote:
> I really appreciate your assistance here, I'm a competent
> administrator but I'm no programmer.
> 
> The netmasks are indeed 24 bits so there is no danger of missing
> packets that way.
> 
> > What happens if you capture some traffic on eth0 without a filter, using
> > the "-w" flag to write it in binary format to a file, and then do
> >
> >         tcpdump -r {that file} net 10.1.1
> >
> > Does that show the traffic on the network?
> 
> # tcpdump -i eth0 -w foo
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 3777 packets captured
> 3781 packets received by filter
> 0 packets dropped by kernel
> 
> This creates foo with about 10 seconds of data in it. (350k)
> 
> # tcpdump -r foo -n net 10.1.1
> reading from file foo, link-type EN10MB (Ethernet)
> 
> Shows no packets.
> 
> # tcpdump -r foo -n |grep 10.1.1.
> reading from file foo, link-type EN10MB (Ethernet)
> 
> Displays many packets that match this pattern.
>