[tcpdump-workers] using tcpdump
Hello all users,

I am using Scientific Linux 6.3 with kernel 2.6.32-279.5.1.el6.x86_64. The chassis, say 'A', has 3 network interfaces. Eth1 has a valid IP and is connected to the internet, and eth2 has an invalid IP and is connected to another local switch.

The problem is that the internet is randomly disconnected on eth1, so the computer is unreachable through the ping command. At the same time, there is another chassis, say 'B', which also has the same configuration. I mean one interface of 'B' is connected to the internet (same internet switch as 'A') and one interface to the local switch (same local switch as 'A'). However, 'B' uses Ubuntu 12.04. The internet connection is steady, and that means while 'A' is unreachable, 'B' can be pinged.

The situation is very very random, so I tried to use "tcpdump -vvv -i eth1" to see if I can find any useful information about connect/disconnect messages.

Can tcpdump help me with this problem? Any feedback is appreciated.

Regards,
Mahmood
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] using tcpdump
> "Mahmood" == Mahmood Naderan writes:

    Mahmood> I am using scientific linux 6.3 which kernel
    Mahmood> 2.6.32-279.5.1.el6.x86_64. The chassis, say 'A', has 3
    Mahmood> network interfaces. Eth1 has valid IP and is connected to
    Mahmood> internet and eth2 has invalid IP and is connected to
    Mahmood> another local switch.

    Mahmood> Problem is that the internet is randomly disconnected on
    Mahmood> eth1 so the computer is unreachable through ping
    Mahmood> command. At the same time, there is another chassis, say
    Mahmood> 'B', which has also the same configuration. I mean one
    Mahmood> interface of 'B' is connected to the internet (same
    Mahmood> internet switch as 'A') and one interface to local switch
    Mahmood> (same local switch as 'A'). However 'B' uses Ubuntu 12.04.

..

    Mahmood> The situation is very very random, so I tried to use
    Mahmood> "tcpdump -vvv -i eth1" to see if I can find any useful
    Mahmood> information about connect/disconnect messages.

    Mahmood> Can tcpdump help me with this problem? Any feedback is appreciated.

I think not if you are not very experienced using it.
I would suspect that you have a duplicate IP address on your internet side.

--
]       Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works| network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails    [
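Added example, not part of the thread: one way to test the duplicate-address suspicion raised in the reply above is to capture ARP on eth1 with `tcpdump -e -n -i eth1 arp` and check whether any IP is announced from more than one MAC. The sample lines and addresses below are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format printed by `tcpdump -e -n -i eth1 arp`
# (documentation addresses and made-up MACs, not values from the thread).
SAMPLE = """\
10:15:01.100000 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.10, length 28
10:15:01.100400 02:00:00:00:00:01 > 02:00:00:00:00:0a, ethertype ARP (0x0806), length 60: Reply 192.0.2.1 is-at 02:00:00:00:00:01, length 46
10:17:42.250000 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.10 tell 192.0.2.1, length 46
10:17:42.250300 02:00:00:00:00:0a > 02:00:00:00:00:01, ethertype ARP (0x0806), length 42: Reply 192.0.2.10 is-at 02:00:00:00:00:0a, length 28
10:17:42.250900 02:00:00:00:00:bb > 02:00:00:00:00:01, ethertype ARP (0x0806), length 60: Reply 192.0.2.10 is-at 02:00:00:00:00:bb, length 46
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE = re.compile(
    rf"^(?P<ts>\S+) (?P<src>{MAC}) > {MAC}, ethertype ARP .*?: "
    rf"(?:Request who-has \S+ (?:\({MAC}\) )?tell (?P<req_ip>{IP})"
    rf"|Reply (?P<rep_ip>{IP}) is-at (?P<rep_mac>{MAC}))",
    re.IGNORECASE,
)

def claims(text):
    """Yield (ip, mac, timestamp) for every sender IP/MAC binding in ARP lines."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an ARP request/reply line
        ip = m["req_ip"] or m["rep_ip"]
        mac = (m["rep_mac"] or m["src"]).lower()
        if ip != "0.0.0.0":  # ARP probes carry no sender IP, so no claim
            yield ip, mac, m["ts"]

def duplicate_ips(text):
    """Return {ip: {mac: first_seen}} for IPs announced by more than one MAC."""
    seen = defaultdict(dict)
    for ip, mac, ts in claims(text):
        seen[ip].setdefault(mac, ts)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}

if __name__ == "__main__":
    for ip, macs in duplicate_ips(SAMPLE).items():
        print(f"{ip} claimed by {len(macs)} MACs:")
        for mac, ts in macs.items():
            print(f"  {mac} first seen {ts}")
```

A second MAC answering for the host's own address at the times the host becomes unreachable would support the duplicate-IP explanation; a legitimate NIC replacement or failover also changes the MAC, so the timestamps matter.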
[tcpdump-workers] DLT for Bluetooth Low Energy
The list seems to be rejecting some posts; I just unsubbed/resubbed myself in the hopes that it wakes up and lets me post this time. It also bounced Mike Ryan's post and he asked me to send it along.

- Forwarded message from Mike Ryan -

Date: Mon, 29 Apr 2013 13:09:32 -0700
From: Mike Ryan
To: drag...@kismetwireless.net
Subject: request: DLT for Bluetooth Low Energy

[sent this as-is to tcpdump-workers@lists.tcpdump.org]

I would like a DLT for Bluetooth Low Energy, which is described in the following document (warning, large PDF):

https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=229737

The link layer specification begins on PDF page 2189. The packet format and headers begin on page 2200.

Background: I am a security researcher and have implemented a BTLE sniffer for project Ubertooth (http://ubertooth.sf.net). One of my tools dumps captured packets to PCAP, currently using USER_DLT0. I have also written a Wireshark protocol dissector for these PCAP files. These pieces of software are intended for public release, so I would like a DLT for interoperability.

More information about can be found at my personal site:

http://lacklustre.net/bluetooth/
http://lacklustre.net/bluetooth/wireshark.html

- End forwarded message -