f16: tcpdump not working for local_ip<-->local_ip packet on p3p1
Alain Spineux
aspineux at gmail.com
Mon Dec 12 20:23:28 UTC 2011
it
On Mon, Dec 12, 2011 at 7:26 PM, Alain Spineux <aspineux at gmail.com> wrote:
> tcpdump works fine for connection from/to outside but don't display
> anything when using ethernet address
>
> [root at f16asx ~]# ifconfig -a
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:37237 errors:0 dropped:0 overruns:0 frame:0
> TX packets:37237 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:4561605 (4.3 MiB) TX bytes:4561605 (4.3 MiB)
>
> p3p1 Link encap:Ethernet HWaddr 00:0C:29:DC:02:F3
> inet addr:192.168.23.32 Bcast:192.168.23.255 Mask:255.255.255.0
> inet6 addr: 2001:6f8:3bc:23:20c:29ff:fedc:2f3/64 Scope:Global
> inet6 addr: fe80::20c:29ff:fedc:2f3/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:1352461 errors:1 dropped:176 overruns:0 frame:0
> TX packets:1957281 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:142615102 (136.0 MiB) TX bytes:758686762 (723.5 MiB)
> Interrupt:18 Base address:0x2000
>
> [root at f16asx ~]# route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 0.0.0.0 192.168.23.254 0.0.0.0 UG 0 0 0 p3p1
> 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 p3p1
> 192.168.23.0 0.0.0.0 255.255.255.0 U 0 0 0 p3p1
>
> [root at f16asx ~]# tcpdump -n -i p3p1 port 6543
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on p3p1, link-type EN10MB (Ethernet), capture size 65535 bytes
It looks like the traffic goes trough "lo" instead of ethernet device !
[root at f16asx ~]# tcpdump -n -i lo port 6543
Show it as expected !
This has changed ! Maybe kernel 3.1 ?
>
>
> From another console :
>
> [asx at f16asx nsweb]$ telnet 192.168.23.32 6543
> Trying 192.168.23.32...
> Connected to 192.168.23.32.
> Escape character is '^]'.
> foo
> <head>
> <title>Error response</title>
> </head>
> <body>
> <h1>Error response</h1>
> <p>Error code 400.
> <p>Message: Bad request syntax ('foo').
> <p>Error code explanation: 400 = Bad request syntax or unsupported method.
> </body>
> Connection closed by foreign host.
>
> If I do the same from another host on the local network or if I try to
> connect to another host or if I use "lo" the loopback and 127.0.0.1
> instead , I can see the traffic !
>
> It look like pcap don't want to capture packet that stay inside the
> the host, except for "lo".
>
> I have no FW rules and SELinux is disabled !
>
> Any idea ?
>
>
>
>
>
>
> --
> Alain Spineux | aspineux gmail com
> Monitor your iT & Backups | http://www.magikmon.com
> Free Backup front-end | http://www.magikmon.com/mksbackup
> Your email 100% available | http://www.emailgency.com
--
Alain Spineux | aspineux gmail com
Monitor your iT & Backups | http://www.magikmon.com
Free Backup front-end | http://www.magikmon.com/mksbackup
Your email 100% available | http://www.emailgency.com
More information about the users
mailing list