Heya - not wishing to argue, but I'm really telling the truth. vlan0 is 192.168.200.1/24 and the workstation is at 192.168.200.2
# ping 192.168.200.2 PING 192.168.200.2 (192.168.200.2): 56 data bytes 64 bytes from 192.168.200.2: icmp_seq=0 ttl=64 time=4.221 ms 64 bytes from 192.168.200.2: icmp_seq=1 ttl=64 time=1.233 ms ^C --- 192.168.200.2 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.233/2.727/4.221/1.494 ms # ps auxw | grep tcpdump root 298 0.0 0.9 3832 2172 d0- S Sat07PM 0:51.74 /usr/sbin/tcpdump -l -n -e -ttt -i pflog0 root 48512 0.0 0.2 1468 608 p0 R+ 2:15PM 0:00.01 grep tcpdump root 67821 0.0 0.9 3852 2244 p0- S 9:12PM 0:17.03 tcpdump -i vlan0 # kill 67821 # ping 192.168.200.2 PING 192.168.200.2 (192.168.200.2): 56 data bytes ^C --- 192.168.200.2 ping statistics --- 4 packets transmitted, 0 packets received, 100% packet loss # tcpdump -i vlan0 > /dev/null & [1] 48592 # tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vlan0, link-type EN10MB (Ethernet), capture size 96 bytes # ping 192.168.200.2 PING 192.168.200.2 (192.168.200.2): 56 data bytes 64 bytes from 192.168.200.2: icmp_seq=0 ttl=64 time=2.412 ms 64 bytes from 192.168.200.2: icmp_seq=1 ttl=64 time=1.009 ms ^C --- 192.168.200.2 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.009/1.710/2.412/0.701 ms # All I can think of is more Nokia weirdness. This is an IP330 with three on-board NICs. -----Original Message----- From: Chris Buechler [mailto:[EMAIL PROTECTED] Bill Marquette wrote: >> >> Doesn't really make any sense. We already are doing a background >> TCPDUMP to get the firewall logs. > > On pflog0. This is on the vlan interface which really is bizarre. I > could see if for some reason the physical fxp interface wasn't in > PROMISC mode needing to do it for that interface, but for the vlan > interface I'm stumped. And he said that's the only way it *works*? Due to the FreeBSD + promisc bug with VLAN's, tcpdumping any vlanX interface or the parent interface should kill all network activity on all VLAN's. Does on every box I've tried, and others have reported the same. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]