From owner-freebsd-questions Sun Mar 21 18:21: 1 1999 Delivered-To: freebsd-questions@freebsd.org Received: from Ngate.in.tatainfotech.com (unknown [202.54.102.148]) by hub.freebsd.org (Postfix) with ESMTP id 2FBCC15649 for ; Sun, 21 Mar 1999 18:20:48 -0800 (PST) (envelope-from hardeep.parmar@tatainfotech.com) Received: from nepzmail.in.tatainfotech.com ([163.122.23.5]) by Ngate.in.tatainfotech.com (8.8.7/8.8.7) with SMTP id CAA02702; Mon, 22 Mar 1999 02:56:04 -0500 Received: from sybco046 by nepzmail.in.tatainfotech.com (8.6.10/SMI-4.1) id HAA18259; Mon, 22 Mar 1999 07:49:34 GMT Received: by sybco046 with Microsoft Mail id <01BE7438.8DAAE390@sybco046>; Mon, 22 Mar 1999 07:49:45 +0530 Message-ID: <01BE7438.8DAAE390@sybco046> From: Hardeep Parmar To: Hardeep Parmar , "questions@freebsd.org" , "'Leonard C.'" Subject: RE: BPF not working? Date: Mon, 22 Mar 1999 07:49:44 +0530 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG It appears you shall like to run tcpdump on ed0(your internel Lan = NIC).You say you have arpwatch running simulataneously on ed1. If what i assume is true try tcpdump -i ed0 and check if ed0 lands = itself up in promiscious mode(Note you should have /dev/bpf0 and = /dev/bpf1already). ---------- From: Leonard C. Sent: Saturday, March 20, 1999 7:00 AM To: Hardeep Parmar; questions@freebsd.org Subject: RE: BPF not working? At 03:39 AM 3/19/99 , you wrote: >Pls check wether the command tcpdump shows card in promiscious mode. >If it does show itself,then check if you are hooked on to switched=20 >network.Switch allows only the packet destined for your box to reach = you=20 >along with broadcast packets. I am reasonnably convinced that it is = 'The'=20 >problem with your box. Let me know if it is the same problem. >Bye icarus# ifconfig -a ed0: flags=3D8843 mtu 1500 inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255 ether 00:80:c8:0a:2f:c3 ed1: flags=3D8943 mtu = 1500 inet xx.xx.xx.xx netmask 0xffffff00 broadcast xx.xx.xx.xx atalk 4183.139 range 4183-4183 phase 2 broadcast 0.255 ether 00:80:ad:73:eb:fe .. ed1 is definately in promiscous mode from ifconfig. I've already got arpwatch running on ed1. It shouldn't be, but could that be the = problem? I have 4 BPF devices in the kernel. Also the network is definately not switched at all since we just use hubs here, but also from the large = amount if network activity and the number of packets rejected as input errors: icarus# netstat -i Name Mtu Network Address Ipkts Ierrs Opkts Oerrs = Coll ed1 1500 169.229.87/24 icarus 1118142890 827793614 16133140 817 12 65221 Would arpwatch be the problem? Leonard --=20 Support the Blue Ribbon Campaign for free speech online http://www.eff.org/blueribbon.html "Those who will not reason perish in the act.=20 Those who will not act, perish for that reason." - W. H. Auden=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message