Good day, I hope this is the appropriate list. I am having issues using BPFs to filter out traffic captures. If I want to block a specific host by IP, the traffic is still recorded. I tried tcpdump and get the same results.
Am I missing something? Examples:

    # tcpdump -nt -i igb2 -w tcpdump.pcap not host 10.100.66.31
    # tcpdump -nt -r tcpdump.pcap | less
    IP 10.100.66.31.13724 > 10.100.66.30.3090: . 42904:44352(1448) ack 1 win 64340 <nop,nop,timestamp 1324022 586994>
    IP 10.100.66.31.13724 > 10.100.66.30.3090: . 44352:45800(1448) ack 1 win 64340 <nop,nop,timestamp 1324022 586994>
    IP 10.100.66.30.3090 > 10.100.66.31.13724: . ack 5792 win 65535 <nop,nop,timestamp 587015 1324022>
    IP 10.100.66.31.13724 > 10.100.66.30.3090: . 45800:47248(1448) ack 1 win 64340 <nop,nop,timestamp 1324022 586994>

It gets stranger: if I read the pcap file and filter for the host, it returns blank:

    # tcpdump -nt -r tcpdump.pcap host 10.100.66.31
    reading from file tcpdump.pcap, link-type EN10MB (Ethernet)
    #

I have tried several variations of syntax and had no luck. I also used several tools (tcpdump, tshark, daemonlogger) and have had the same results, so I suspect it may be libpcap related.

The system is running FreeBSD 7.2 GENERIC amd64.

Any suggestions would be much appreciated.

Cheers!

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
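The two symptoms in the post (the "not host" capture still contains the host's packets, and reading the same file back with "host" finds nothing) are exactly what a fixed-offset BPF match produces when the IPv4 header is not where the compiled program expects it. The following Python script, added here as an illustration and not taken from the post or from libpcap, models the "host X" test that libpcap compiles for link-type EN10MB (EtherType at byte 12, source address at 26, destination at 30) and runs the post's two commands over a handful of constructed frames. It assumes, purely for the demonstration, that some frames carry an 802.1Q VLAN tag, which shifts the IP header by four bytes; the post does not say whether igb2 sees tagged frames, so that is an assumption, not a diagnosis. The frame builder, sample addresses and VLAN id are all constructed for the example.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100  # 802.1Q TPID


def ipv4_frame(src, dst, vlan_id=None):
    """Build a minimal Ethernet frame with a bare IPv4 header (constructed sample data).

    With vlan_id set, a 4-byte 802.1Q tag is inserted after the MAC addresses,
    which pushes the IPv4 header from offset 14 to offset 18.
    """
    macs = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")  # dst, src (made up)
    tag = struct.pack("!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF) if vlan_id is not None else b""
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, 6, 0,  # ver/IHL, TOS, total len, id, flags/frag, TTL, TCP, csum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip_header


def host_match_fixed_offsets(frame, host):
    """What 'host X' compiles to for untagged Ethernet: check the EtherType at
    byte 12 and compare the source/destination fields at fixed offsets 26 and 30."""
    addr = ipaddress.IPv4Address(host).packed
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return False
    return frame[26:30] == addr or frame[30:34] == addr


def host_match_vlan_aware(frame, host):
    """Equivalent of 'vlan and host X': require a tag at byte 12, then apply the
    same fixed-offset test with the 4-byte tag removed."""
    if len(frame) < 16 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_VLAN:
        return False
    return host_match_fixed_offsets(frame[:12] + frame[16:], host)


def host_match_either(frame, host):
    """'host X or (vlan and host X)': covers both untagged and singly tagged frames."""
    return host_match_fixed_offsets(frame, host) or host_match_vlan_aware(frame, host)


def simulate_capture_and_readback(frames, host, matcher):
    """Model the post's two commands: write with 'not host X', then read the
    written file back with 'host X'. Returns the sorted names kept by each step."""
    written = {name: f for name, f in frames.items() if not matcher(f, host)}
    found = {name: f for name, f in written.items() if matcher(f, host)}
    return sorted(written), sorted(found)


# Constructed traffic: the two hosts from the post, with and without a VLAN tag,
# plus one unrelated flow.
SAMPLE_FRAMES = {
    "untagged 31->30": ipv4_frame("10.100.66.31", "10.100.66.30"),
    "untagged 30->31": ipv4_frame("10.100.66.30", "10.100.66.31"),
    "tagged 31->30": ipv4_frame("10.100.66.31", "10.100.66.30", vlan_id=66),
    "tagged 30->31": ipv4_frame("10.100.66.30", "10.100.66.31", vlan_id=66),
    "untagged 10->11": ipv4_frame("10.100.66.10", "10.100.66.11"),
}

if __name__ == "__main__":
    for label, matcher in (("host X", host_match_fixed_offsets),
                           ("host X or (vlan and host X)", host_match_either)):
        written, found = simulate_capture_and_readback(SAMPLE_FRAMES, "10.100.66.31", matcher)
        print(f"filter '{label}': written by 'not host' = {written}; found by 'host' = {found}")
```

With the plain "host X" matcher the tagged frames between .31 and .30 survive the "not host" capture and are then invisible to the "host" read-back, reproducing the post's output; the tag-aware matcher excludes them. On a real system the same two checks are `tcpdump -d 'not host 10.100.66.31'`, which prints the compiled BPF program and its fixed offsets, and `tcpdump -e -r tcpdump.pcap`, which prints the link-layer header so any VLAN tag becomes visible.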