f16: tcpdump not working for local_ip<-->local_ip packet on p3p1
Alain Spineux
aspineux at gmail.com
Mon Dec 12 18:26:05 UTC 2011
tcpdump works fine for connection from/to outside but don't display
anything when using ethernet address
[root at f16asx ~]# ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:37237 errors:0 dropped:0 overruns:0 frame:0
TX packets:37237 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4561605 (4.3 MiB) TX bytes:4561605 (4.3 MiB)
p3p1 Link encap:Ethernet HWaddr 00:0C:29:DC:02:F3
inet addr:192.168.23.32 Bcast:192.168.23.255 Mask:255.255.255.0
inet6 addr: 2001:6f8:3bc:23:20c:29ff:fedc:2f3/64 Scope:Global
inet6 addr: fe80::20c:29ff:fedc:2f3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1352461 errors:1 dropped:176 overruns:0 frame:0
TX packets:1957281 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:142615102 (136.0 MiB) TX bytes:758686762 (723.5 MiB)
Interrupt:18 Base address:0x2000
[root at f16asx ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.23.254 0.0.0.0 UG 0 0 0 p3p1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 p3p1
192.168.23.0 0.0.0.0 255.255.255.0 U 0 0 0 p3p1
[root at f16asx ~]# tcpdump -n -i p3p1 port 6543
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on p3p1, link-type EN10MB (Ethernet), capture size 65535 bytes
>From another console :
[asx at f16asx nsweb]$ telnet 192.168.23.32 6543
Trying 192.168.23.32...
Connected to 192.168.23.32.
Escape character is '^]'.
foo
<head>
<title>Error response</title>
</head>
<body>
<h1>Error response</h1>
<p>Error code 400.
<p>Message: Bad request syntax ('foo').
<p>Error code explanation: 400 = Bad request syntax or unsupported method.
</body>
Connection closed by foreign host.
If I do the same from another host on the local network or if I try to
connect to another host or if I use "lo" the loopback and 127.0.0.1
instead , I can see the traffic !
It look like pcap don't want to capture packet that stay inside the
the host, except for "lo".
I have no FW rules and SELinux is disabled !
Any idea ?
--
Alain Spineux | aspineux gmail com
Monitor your iT & Backups | http://www.magikmon.com
Free Backup front-end | http://www.magikmon.com/mksbackup
Your email 100% available | http://www.emailgency.com
More information about the users
mailing list