This is running on Scientific Linux 6.2 (a clone of Red Hat Enterprise)
- it's not the distributed rpm version that we are using, but compiled
4.1.1 - I wasn't the one who compiled the binary, so I'm not sure what
options, etc. were selected, but can try compiling current and see if
it can be reprodu
Hi:
On tcpdump 4.1.1, printing from a saved standard format pcap file:
$ tcpdump -nn -tt -s 0 -r 128.XX.XX.197.icmp.trace |head -3
reading from file 128.XX.XX.197.icmp.trace, link-type EN10MB (Ethernet)
18:45:55.966123176 IP 128.XX.XX.197 > 78.186.239.143: ICMP host
128.XX.XX.33 unreachable, leng
All of the above are attempts to overcome the 'one filter per interface
per process' model that I believe libpcap imposes - or am I wrong? Is
there something I've overlooked?
Any advice welcome - thanks in advance.
--
Jim Mellander
Incident Response Manager
Computer Protection Pr