f16: tcpdump not working for local_ip<-->local_ip packet on p3p1

Alain Spineux aspineux at gmail.com
Mon Dec 12 18:26:05 UTC 2011


tcpdump works fine for connections from/to outside but doesn't display
anything when using the ethernet address

[root@f16asx ~]# ifconfig -a
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:37237 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37237 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4561605 (4.3 MiB)  TX bytes:4561605 (4.3 MiB)

p3p1      Link encap:Ethernet  HWaddr 00:0C:29:DC:02:F3
          inet addr:192.168.23.32  Bcast:192.168.23.255  Mask:255.255.255.0
          inet6 addr: 2001:6f8:3bc:23:20c:29ff:fedc:2f3/64 Scope:Global
          inet6 addr: fe80::20c:29ff:fedc:2f3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1352461 errors:1 dropped:176 overruns:0 frame:0
          TX packets:1957281 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:142615102 (136.0 MiB)  TX bytes:758686762 (723.5 MiB)
          Interrupt:18 Base address:0x2000

[root@f16asx ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.23.254  0.0.0.0         UG    0      0        0 p3p1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 p3p1
192.168.23.0    0.0.0.0         255.255.255.0   U     0      0        0 p3p1

[root@f16asx ~]# tcpdump -n -i p3p1  port 6543
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on p3p1, link-type EN10MB (Ethernet), capture size 65535 bytes


From another console:

[asx@f16asx nsweb]$ telnet 192.168.23.32  6543
Trying 192.168.23.32...
Connected to 192.168.23.32.
Escape character is '^]'.
foo
<head>
<title>Error response</title>
</head>
<body>
<h1>Error response</h1>
<p>Error code 400.
<p>Message: Bad request syntax ('foo').
<p>Error code explanation: 400 = Bad request syntax or unsupported method.
</body>
Connection closed by foreign host.

If I do the same from another host on the local network, or if I try to
connect to another host, or if I use "lo" (the loopback) and 127.0.0.1
instead, I can see the traffic!

It looks like pcap doesn't want to capture packets that stay inside
the host, except for "lo".

I have no FW rules and SELinux is disabled!

Any idea?






-- 
Alain Spineux                   |  aspineux gmail com
Monitor your iT & Backups |  http://www.magikmon.com
Free Backup front-end       | http://www.magikmon.com/mksbackup
Your email 100% available |  http://www.emailgency.com
