Date: Mon, 11 Nov 2002 21:17:55 -0800
From: Erick Mechler
To: Duncan Patton a Campbell is Dhu
Cc: security
Subject: Re: tcpdump question
Message-ID: <20021112051755.GS96637@techometer.net>
References: <20021109231151.GF33758@roughtrade.net> <20021112042109.M47365@babayaga.neotext.ca>
In-Reply-To: <20021112042109.M47365@babayaga.neotext.ca>

:: I execute tcpdump as follows:
::
:: wta# tcpdump
:: tcpdump: listening on rl0
:: 20:15:38.334292 wta.indx.ca > babayaga.neotext.ca:
:: ESP(spi=0x000012f5,seq=0x5aa5) (DF) [tos 0x10]
:: ^C
:: 20:15:38.348979
:: 583 packets received by filter
:: 0 packets dropped by kernel
::
:: So, ummh, where are all the other packets?

Try running tcpdump with the -l ('el') flag and piping to `tee` as
documented in the manpage. The -n flag will also speed up tcpdump's work.
You should get what you expect using those two flags together.

Cheers - Erick