My deepest apologies for chasing something that is right there in the man page for tcpdump although I didn't realize the frames were tagged until we got deeper into it. From the Cisco standpoint, older versions of IOS running on Catalyst workgroup switches (this one was specifically a 2950 running 12.1(9)) copy packets to the destination interface with the VLAN tags included by default. At some point in a later release they began supporting the option to copy the frames tagged or untagged.
The addition of the vlan keyword worked perfectly. Thank you for your time.
Tyler
-----Original Message-----
From: Romain Francoise [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 15, 2005 3:35 PM
To: Tyler West
Cc: [EMAIL PROTECTED]
Subject: Re: Bug#299642: filter expressions not working in tcpdump and tet hereal
Romain Francoise <[EMAIL PROTECTED]> writes:
>> 20:43:54.919506 00:08:7c:d3:76:c2 > 00:08:02:8d:39:80, ethertype 802.1Q
>> (0x8100), length 169: vlan 11, p 0, ethertype IPv4, IP 172.19.16.69 >
>> 150.4.1.70: icmp 131: echo request seq 42883
Also, does it show the frames if you use the vlan keyword?
=> tcpdump -n -i eth0 vlan 11 and proto \\icmp
--
,''`.
: :' : Romain Francoise <[EMAIL PROTECTED]>
`. `' http://people.debian.org/~rfrancoise/
`-
