[tcpdump-workers] Tcpdump not showing packets while the TX counter increments.
List, I hope this is a good place to ask this question as quite a bit of googling didn't return anything useful. I have an unprovisioned ethernet interface showing some TX packets: # ifconfig -a eth1 eth1: flags=4163 mtu 1500 inet6 fe80::224:e8ff:fe80:9258 prefixlen 64 scopeid 0x20 ether 00:24:e8:80:92:58 txqueuelen 1000 (Ethernet) RX packets 1334743 bytes 124150467 (118.3 MiB) RX errors 0 dropped 128753314 overruns 0 frame 0 TX packets 81 bytes 6380 (6.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 48 memory 0xd800-d8012800 But those aren't showing up with: # tcpdump -i eth1 -n -e -Q out Anyone know what this traffic could be? Why on earth would there by any TX packets on this interface when it doesn't have an IP, and why don't they show up in tcpdump? Thanks, schu ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Tcpdump not showing packets while the TX counter increments.
Oh, sorry, that would have been helpful: Slackware64-14.0 Linux 3.2.45 #2 SMP Fri May 31 20:14:55 CDT 2013 x86_64 Intel(R) Xeon(R) CPU X5550 @ 2.67GHz GenuineIntel GNU/Linux glibc-2.15 I dug around in the kernel source looking for what exactly causes the counter to increment, but it wasn't at all obvious what was going on. Thanks for your help, schu On 11/10/2014 03:13 PM, Guy Harris wrote: > > On Nov 10, 2014, at 2:17 PM, Matthew Schumacher wrote: > >> I have an unprovisioned ethernet interface showing some TX packets: >> >> # ifconfig -a eth1 >> eth1: flags=4163 mtu 1500 >>inet6 fe80::224:e8ff:fe80:9258 prefixlen 64 scopeid 0x20 >>ether 00:24:e8:80:92:58 txqueuelen 1000 (Ethernet) >>RX packets 1334743 bytes 124150467 (118.3 MiB) >>RX errors 0 dropped 128753314 overruns 0 frame 0 >>TX packets 81 bytes 6380 (6.2 KiB) >>TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 >>device interrupt 48 memory 0xd800-d8012800 >> >> But those aren't showing up with: >> >> # tcpdump -i eth1 -n -e -Q out > > On what operating system is this? > ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Tcpdump not showing packets while the TX counter increments.
On 11/11/2014 11:35 AM, Guy Harris wrote: >> But those aren't showing up with: >> >> # tcpdump -i eth1 -n -e -Q out > > What happens with > > tcpdump -i eth1 -n -e -p > > i.e., not filtering only for outgoing packets, but also not running in > promiscuous mode? (Just to make sure that the direction filtering is done > correctly on Linux.) > I see all of the ingress broadcast and multicast traffic which is what I would expect. I also tried: tcpdump -i eth1 -n -e -p ether host 00:24:e8:80:92:58 But that doesn't show any traffic either even though the ifconfig tx count does grow, though very slowly. I ran the same test on a host running kernel 3.10.17 and it does show traffic when the TX counter increments as an ARP reply: 15:37:41.569057 00:22:75:d7:02:d4 > 00:50:56:86:17:6d, ethertype ARP (0x0806), length 42: Reply 192.168.7.99 is-at 00:22:75:d7:02:d4, length 28 That's very odd that: 1. The 3.2.45 host doesn't show any traffic even though the TX increments. 2. The 3.10.17 host shows all traffic that causes the TX to increment, but responds to arp on an interface that doesn't have an IP address. Weird stuffs. schu ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
