From owner-freebsd-questions Fri Dec 11 11:58:34 1998
Message-Id: <199812111958.TAA18221@eamail1.unisys.com>
From: "Singh, Hardeep IN"
To: FreeBSD
Subject: Tcpdump strange problem
Date: Sat, 12 Dec 1998 01:24:00 -0600

Hello Gentlemen,

I want to run tcpdump on my machine to monitor traffic. I have done the following things so far:

1. Recompiling the kernel with the statement
       pseudo-device bpfilter 4
2. All my devices (and network cards) are working extremely fine, and I have a DEC PCI Ethernet DECchip adapter with the corresponding entry in the kernel of de0, and it is working fine.
3. I have installed tcpdump and trafshow on my machine.

Now when I run tcpdump or trafshow the following happens:

1. All packets directed to and from my host are shown.
2. All packets for broadcast and multicast are shown, e.g. ARP requests and ARP replies.
3. When I invoke tcpdump for viewing packets on some host celtics, e.g.

       >tcpdump -n host celtics

   the reply is as follows:

       >>>> Dec 11 21:56:11 Myhost /kernel: de0: promiscuous mode enabled
       tcpdump:listening on de0
       /** Only arp packets for celtics are visible **/
       ^C /* Aborting operation */
       1051 packets received by filter
       0 packets dropped by kernel

4. Other packets from HostA to HostB, where both HostA and HostB are proper hosts, are NOT visible at all, despite choosing (probably as many as possible) expressions given to tcpdump and trafshow as command-line arguments.

Is there some change to be made in the code to get the packets destined for other hosts picked up by my network card? In fact, the number of packets that appear in the statement as received by filter does seem to indicate that the kernel is getting the packets, but somehow the application is not printing them. Please help me with it. I had given a try to the FAQ, HelpBook and mailing list archive but could not find my answer anywhere.

Hoping for a quick and prompt reply.

Thanks and Regards
singhh@delpo1.in.unisys.com
Hardeep Singh