On 5/16/07, Harry Metske <[EMAIL PROTECTED]> wrote:
When we do this on zLinux, we see only weird packets passing, not anything that is recognized by either tcpdump or ethereal. The packets look like this :
The level 3 packets are plain IP. I believe there was something done to the tcpdump package by SuSE to make it pick the proper type. You might be able to convince it with the "-y" option. Mine just works out of the box (SLES9 64bit) lrobv1:~ # rpm -q tcpdump tcpdump-3.8.1-49.4 lrobv1:~ # tcpdump -i hsi0 -n -c 20 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on hsi0, link-type EN10MB (Ethernet), capture size 96 bytes 04:13:40.484243 IP 212.61.81.181.3969 > 148.100.96.70.22: . ack 421602459 win 16024 04:13:40.537029 IP 148.100.96.70.22 > 212.61.81.181.3969: P 1:217(216) ack 0 win 19296 04:13:40.536892 IP 148.100.96.70.22 > 212.61.81.181.3969: P 217:333(116) ack 0 win 19296 04:13:40.641418 IP 212.61.81.181.3969 > 148.100.96.70.22: . ack 333 win 15692 04:13:40.641458 IP 148.100.96.70.22 > 212.61.81.181.3969: P 333:485(152) ack 0 win 19296 04:13:40.641753 IP 148.100.96.70.22 > 212.61.81.181.3969: P 485:569(84) ack 0 win 19296 04:13:40.746184 IP 212.61.81.181.3969 > 148.100.96.70.22: . ack 569 win 15456 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
