Guy Harris wrote:
On Jul 31, 2008, at 11:29 AM, U. George wrote:
If I say this:
tcpdump -n -v -i eth1
I get a log of: ether type * and port *, i.e. the PPPoE data.
What you get is a log of "*", i.e. all data. "port *" is irrelevant;
Not so. The log of "*" is the sum of all the "*"'s. wh
On Thu, 2008-07-31 at 23:26 -0400, U. George wrote:
> >
> > The filter "port domain" on an Ethernet interface (on my box) generates
> > a BPF filter that looks for Ethertype 0x86dd for IPv6 OR 0x0800 for
> > IPv4. It doesn't look for PPPoE, VLANs, GRE or anything else, because
> > you didn't speci
The filter "port domain" on an Ethernet interface (on my box) generates
a BPF filter that looks for Ethertype 0x86dd for IPv6 OR 0x0800 for
IPv4. It doesn't look for PPPoE, VLANs, GRE or anything else, because
you didn't specify that in your filter.
Actually I didn't specify 0x86dd or 0x0800 eith
On Jul 31, 2008, at 11:29 AM, U. George wrote:
If I say this:
tcpdump -n -v -i eth1
I get a log of: ether type * and port *, i.e. the PPPoE data.
What you get is a log of "*", i.e. all data. "port *" is irrelevant;
not all packets that would match "ether type *" *HAVE* a port numbe
On Thu, 2008-07-31 at 14:29 -0400, U. George wrote:
> Guy Harris wrote:
> >
> > On Jul 31, 2008, at 10:48 AM, U. George wrote:
> >
> >> why does adding the "PORT" conditional also modify the wild-card
> >> aspects of "ethernet type"
> >
> > To what "wild-card aspects of 'ethernet type'" are you
Guy Harris wrote:
On Jul 31, 2008, at 10:48 AM, U. George wrote:
why does adding the "PORT" conditional also modify the wild-card
aspects of "ethernet type"
To what "wild-card aspects of 'ethernet type'" are you referring?
If you say "port domain", that can only match TCP or UDP packets, wh
On Jul 31, 2008, at 11:11 AM, U. George wrote:
[EMAIL PROTECTED] MyRblsmtpd]# /usr/sbin/tcpdump -n -v -i eth1 pppoes and port domain
tcpdump: syntax error
PPPoE is not in my tcpdump man page :{
To quote my original mail:
If the DNS requests are on PPPoE, then, *at least with a
suffici
On Jul 31, 2008, at 10:48 AM, U. George wrote:
why does adding the "PORT" conditional also modify the wild-card
aspects of "ethernet type"
To what "wild-card aspects of 'ethernet type'" are you referring?
If you say "port domain", that can only match TCP or UDP packets,
which means it can
should capture them. If you want to capture non-PPPoE DNS requests as
well, try
port domain or (pppoes and port domain)
[EMAIL PROTECTED] MyRblsmtpd]# /usr/sbin/tcpdump -n -v -i eth1 pppoes and port domain
tcpdump: syntax error
PPPoE is not in my tcpdump man page :{
Guy Harris wrote:
On Jul 31, 2008, at 5:52 AM, U. George wrote:
BUT if I remove the 'port domain' I see all the packets:
[EMAIL PROTECTED] gat]# /usr/sbin/tcpdump -v -n -i eth1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
08:49:38.834343 PPPoE [ses 0xea20]
On Jul 31, 2008, at 5:52 AM, U. George wrote:
BUT if I remove the 'port domain' I see all the packets:
[EMAIL PROTECTED] gat]# /usr/sbin/tcpdump -v -n -i eth1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
08:49:38.834343 PPPoE [ses 0xea20] [length 48 (4 ext
I just wanted to see Domain/DNS requests coming in from the 'outside'
and are being 'forwarded' back to the outside for answers.
Every time I try:
[EMAIL PROTECTED] MyRblsmtpd]# /usr/sbin/tcpdump -n -v -i eth1 port domain
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size
12 matches