Re: Why does tcpdump show few packet?
- From: Pascal Hambourg <boite-a-spam@xxxxxxxxxxxxxxx>
- Date: Thu, 28 Sep 2006 11:24:04 +0200
Hello,
zhengda a écrit :
[...]
I try to use tcpdump, and don't filter any packets.
debian:/home/zhengda# tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
1 packets captured
250 packets received by filter
0 packets dropped by kernel
Could it be that your network card
is not in or does not support promiscuous mode? Look at the output of
'/sbin/ifconfig eth0' and look at the third line:
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
(not running tcpdump) verses
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
It seems that my card can't support promiscuous mode because the third line always "UP BROADCAST RUNNING MULTICAST" even I have run tcpdump with root.
Don't be fooled by ifconfig. My ifconfig doesn't show the promiscuous flag when I run tcpdump, even thought the interface supports it. I can check the interface is in promiscuous mode with "ip link" and by watching the kernel log messages "device eth0 entered promiscuous mode" when I start tcpdump.
Before, I always use ethereal and seldom tcpdump. But I'm sure that ethereal could capture the packets which wasn't from my system and wasn't sent to me.
So if my network card can't support promiscuous mode, why ethereal can capture these packets
I wonder why your tcpdump says "1 packets captured, *250* packets received by filter". Where are those 250 packets ?
.
- References:
- Why does tcpdump show few packet?
- From: Zheng Da
- Re: Why does tcpdump show few packet?
- From: Moe Trin
- Why does tcpdump show few packet?
- Prev by Date: Re: Any Help needed
- Next by Date: Re: Remote Control of Volume
- Previous by thread: Re: Why does tcpdump show few packet?
- Next by thread: Re: Why does tcpdump show few packet?
- Index(es):
Relevant Pages
|
