All packets received come from sFlow protocol activated on remote switches (3 switches on the LAN). Even if I change IP 192.168.2.10 for 192.168.2.209 which is the one used by the machine where the program run in other to exclude statistics from this IP (192.168.2.209), I still see it on the list. So I try to exclude the IP of the probe itself and it still appears in the result!
On Fri, Jan 23, 2015 at 9:03 PM, Guy Harris <g...@alum.mit.edu> wrote: > > On Jan 23, 2015, at 5:44 PM, Gerhard Mourani <gmour...@gmail.com> wrote: > > > On mine I get: > > The same code. > > If you're seeing packets to or from 192.168.2.10, is there some form of > tunneling involved, so that the outermost IP addresses, which the filter > checks, aren't 192.168.2.10, but some innermore IP addresses are? > > _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
