Date: Wed, 10 Apr 96 10:07:25 MET DST From: Greg Lehey <lehey.pad@sni.de> To: branson@longstreet.larc.nasa.gov (Branson Matheson) Cc: freebsd-questions@FreeBSD.org Subject: Re: Violently pulling out my hair Message-ID: <199604100806.KAA12332@nixpbe.pdb.sni.de> In-Reply-To: <199604081558.LAA02702@longstreet.larc.nasa.gov>; from "Branson Matheson" at Apr 8, 96 11:58 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > Ok... tcpdump manpage gently describes the wonderful way to montior > packets from an ethernet address as follows: > > ether host ehost > True if either the ethernet source or destination address is > ehost. > > So I tried: > > root@garion > tcpdump ether host gw.hq.ferg.com > tcpdump: only ethernet/FDDI supports link-level host name > > Grrr... > > OK.. there IS an entry in my ethers file.. looks like: > > 08:0:3e:0:24:f3 gw.hq.ferg.com > > Allright so next i tried... > > branson@garion #tcpdump ether host 08:00:09:d4:65:ff > tcpdump: ethernet address used in non-ether expression > > This is really frustrating.. can any one help? This looks to me like tcpdump is going for the wrong interface. The message tells you that you can only use this option on an Ethernet or FDDI interface. Assuming that you are really trying to trace an Ethernet interface (say, ed0), try: tcpdump -i ed0 ether host 08:00:09:d4:65:ff If that doesn't work, try tcpdump -i ed0 host gw.hq.ferg.com This should definitely work. If not, let me know the error messages. An output from netstat -i would also help. Greg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604100806.KAA12332>