Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 27 Mar 2008 22:47:37 +0100
From:      Markus <universe@truemetal.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: tcpdump stopped working / changes to pcap since 5.2.1-RELEASE?
Message-ID:  <20080327224737.6c2e7582.universe@truemetal.org>
In-Reply-To: <20080326000141.7b450699.universe@truemetal.org>
References:  <20080326000141.7b450699.universe@truemetal.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 26 Mar 2008 00:01:41 +0100
Markus <universe@truemetal.org> wrote:

> Were there any changes to tcpdump, the em driver, pcap or another part
> of the OS in recent history which could lead to such a behavior?
> Again, regular packets on any em-interface we can collect just fine,
> just the packets coming in through the monitoring port are being
> "ignored"... 

Reply to myself, for the archives: the issue was resolved. While before
and including 5.2.1-RELEASE (and possibly in later releases as well, but
NOT in 6.3-RELEASE and 7.0-RELEASE) tcpdump displayed simply ALL
packets, regardless whether those packets were VLAN tagged or not,
coming in on the specific interface(s) (em(4)), i.e.

tcpdump -n -i em3 host a.b.c.d

it now (in 6.3-RELEASE and 7.0-RELEASE) requires explicitly the
following statement to display VLAN tagged traffic:

tcpdump -n -i em3 vlan and host a.b.c.d

Or in other words: add "vlan" to the tcpdump expression and it works
just fine. Before the latest few releases this wasn't necessary for VLAN
tagged packets.

Regards
Markus



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080327224737.6c2e7582.universe>