From owner-freebsd-questions Thu Aug 13 06:27:56 1998
Date: Thu, 13 Aug 1998 23:28:54 +1000 (EST)
From: Paul Koch
To: freebsd-questions@FreeBSD.ORG
Subject: Strange BPF / tcpdump problem.

I had a strange problem today that I can only assume is a bug in the
way BPF taps off packets in the ethernet interfaces. I saw the following:

A stock FreeBSD-2.2.6 machine was connected to a BAY stackable 100M
Ethernet switch via a SMC9432 NIC, using the tx driver. At bootup, the
kernel probe messages showed that the interface was auto-configured to
100M Full Duplex. The machine was running our Statscout network
monitoring software connected to BAY Networks internal network. I was
running tcpdump to check some things and everything looked good.

A little while later, the BAY switch was replaced with a 10M ethernet
hub because the switch was needed elsewhere. The tx0 interface
automatically changed to 10M half duplex. The box was not rebooted at
this stage.

Everything continued on with no problems until I ran tcpdump and my
statistical lan analyser, which also uses the BPF device. Interestingly,
each packet that was transmitted by the FreeBSD box was displayed twice
by tcpdump, i.e.

    ping someplace
        echo request
        echo request
        echo reply

My statistical lan analyser also double counted the packets transmitted
from the machine. A separate LAN analyser connected to the same hub
showed that the FreeBSD machine really only sent one 'echo request' and
not two.

I have looked through the if_tx.c source but cannot find why this would
happen. I also looked through other if_xx.c code and have a thought that
the same problem may exist for other interfaces.

Has anyone seen this before?

thanks.

----------------------------------------------------------------------------
Paul Koch
Director, Support and Development     Email: pak@mns.com.au
Micro Network Services Pty Ltd        Web:   http://www.mns.com.au
Level 6, 360 Queen St,                Phone: +61 7 32294750
Brisbane, Queensland, 4000            Fax:   +61 7 32294506
Australia
----------------------------------------------------------------------------