Guy Harris wrote:
On Jul 31, 2008, at 11:29 AM, U. George wrote:
If I say this:
tcpdump -n -v -i eth1
I get a log of: ether type * and port *, i.e. the PPPoE data.
What you get is a log of "*", i.e. all data. "port *" is irrelevant;
Not so. The log of "*"
The filter "port domain" on an Ethernet interface (on my box) generates
a BPF filter that looks for Ethertype 0x86dd for IPv6 OR 0x0800 for
IPv4. It doesn't look for PPPoE, VLANs, GRE or anything else, because
you didn't specify that in your filter.
Actually I didn't specify 0x86dd or 0x0800 eith
Guy Harris wrote:
On Jul 31, 2008, at 10:48 AM, U. George wrote:
why does adding the "PORT" conditional also modify the wild-card
aspects of "ethernet type"
To what "wild-card aspects of 'ethernet type'" are you referring?
If you say "port do
should capture them. If you want to capture non-PPPoE DNS requests as
well, try
port domain or (pppoes and port domain)
[EMAIL PROTECTED] MyRblsmtpd]# /usr/sbin/tcpdump -n -v -i eth1 pppoes and port domain
tcpdump: syntax error
PPPoE is not in my tcpdump man page :{
Guy Harris wrote:
On Jul 31, 2008, at 5:52 AM, U. George wrote:
BUT if I remove the 'port domain' I see all the packets:
[EMAIL PROTECTED] gat]# /usr/sbin/tcpdump -v -n -i eth1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
08:49:38.834343 PPPoE [
I just wanted to see Domain/DNS requests coming in from the 'outside'
and are being 'forwarded' back to the outside for answers.
Every time I try:
[EMAIL PROTECTED] MyRblsmtpd]# /usr/sbin/tcpdump -n -v -i eth1 port domain
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size