Denis Ovsienko wrote:
> Thus the behaviour is the same as it used to be for years, both on
> tcpdump side and on Linux side. It must be the odd timing that kept me
> thinking the BPF filter had somewhere flipped to do the opposite from
> its normal job, I had checked several times
Denis Ovsienko wrote:
> I have to correct myself: "tcpdump -pni eth0 not tcp" actually yields
> both TCP and everything else (ARP and UDP). It turns out that during
> all previous runs that "everything else" just didn't make it to the
> screen because of timing. Now it does, pleas
On Wed, 28 Jan 2015 01:20:26 + Michael Richardson wrote
>
>Denis Ovsienko wrote:
> > The host has an Ethernet interface with only an IPv6 link-local address
> > (eth0). On top of it there is a VLAN interface with VID 75 (eth0.75),
> > IPv6 link-local address and IPv4 address 10.
Denis Ovsienko wrote:
> The host has an Ethernet interface with only an IPv6 link-local address
> (eth0). On top of it there is a VLAN interface with VID 75 (eth0.75),
> IPv6 link-local address and IPv4 address 10.0.75.254/24. The difference
> is, when tcpdump runs with "-i eth0.7
[...]
> If IPv4 Protocol is TCP, go to 10, else go to 11
>
> > (010) ret #0
>
> Reject packet
>
> > (011) ret #262144
>
> Accept packet
>
> So that *looks* OK.
Thank you for the analysis!
>
> Could you run "tcpdump -i eth0 -xx not tcp" and see what the co
On Jan 27, 2015, at 4:28 PM, Denis Ovsienko wrote:
>
>> I.e., "tcpdump -i eth0 not tcp" prints *only* TCP packets?
>
> Yes, exactly. Just checked once again.
>
>> Just out of curiosity, what does "tcpdump -i eth0 -d not tcp" print?
>
> root@homepc:~# tcpdump -pni eth0 -d not tcp
> (000) ldh
> I.e., "tcpdump -i eth0 not tcp" prints *only* TCP packets?
Yes, exactly. Just checked once again.
> Just out of curiosity, what does "tcpdump -i eth0 -d not tcp" print?
root@homepc:~# tcpdump -pni eth0 -d not tcp
(000) ldh [12]
(001) jeq #0x86dd jt 2 jf 7
(002) ldb
On Jan 27, 2015, at 4:09 PM, Denis Ovsienko wrote:
> some time ago I did troubleshooting on a Linux PC and that involved running
> tcpdump with the "not tcp" filter on a few network interfaces to put a number
> of background TCP connections out of scope (I was interested how other
> protocols
List,
some time ago I did troubleshooting on a Linux PC and that involved running
tcpdump with the "not tcp" filter on a few network interfaces to put a number
of background TCP connections out of scope (I was interested how other
protocols' packets were making from one interface to the other).