On Fri, Oct 05, 2007 at 05:31:25PM -0600, [EMAIL PROTECTED] wrote:
> I'm having trouble seeing packets which are not going to or from the
> machine on which tcpdump is running. Is there something special I
> need to do to enable this? It's my understanding tcpdump puts the
> interface in promiscuous mode, and dmesg seems to confirm this.
> However I see the following behavior using "tcpdump -fntl -i ed1":
>
> If hosts .x, .y, and .z are all on the same network,
> and if tcpdump is running on host a.b.c.x
> and on host a.b.c.y I do
> ping a.b.c.x
>
> I see the icmp packets.
>
> But if on host a.b.c.y I do
> ping a.b.c.z
>
> I see nothing.
> Does the interface drop packets with a different mac address, even
> when supposedly put in promiscuous mode?
>
> Clues?

You're probably plugged into a switch ("learning bridge"). Switches
partition your collision domain -- they learn which MAC is available on
which port and only send on that port.
You either need a hub or a really expensive switch (the kind that you
log in to and set up port mirrors).
--
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
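
Added example, not part of the original message: a small model of a learning bridge, showing which frames a promiscuous capture on host x's port receives with and without a mirror port. The port numbers, MAC names and traffic list are constructed, and the mirror is assumed to copy every frame to one port.

```python
# Constructed model of a learning bridge; ports and MAC names are illustrative.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, mirror_to=None):
        self.ports = set(ports)
        self.mac_table = {}          # source MAC -> port it was last seen on
        self.mirror_to = mirror_to   # optional port that gets a copy of every frame

    def forward(self, in_port, src, dst):
        """Return the set of ports the frame is sent out of."""
        self.mac_table[src] = in_port                 # learn where src lives
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]} - {in_port}   # known unicast: one port only
        else:
            out = self.ports - {in_port}              # broadcast or unknown: flood
        if self.mirror_to is not None and in_port != self.mirror_to:
            out = out | {self.mirror_to}
        return out

def capture_on_x(mirror=False):
    """Frames a promiscuous capture on host x's port (port 1) would see."""
    macs = {"x": "mac-x", "y": "mac-y", "z": "mac-z"}
    port = {"x": 1, "y": 2, "z": 3}
    sw = LearningSwitch(port.values(), mirror_to=1 if mirror else None)
    # Constructed traffic: y pings x, then y pings z (ARP exchange, then ICMP).
    traffic = [
        ("y", BROADCAST, "ARP who-has x"),
        ("x", "y", "ARP reply x"),
        ("y", "x", "ICMP echo request y->x"),
        ("x", "y", "ICMP echo reply x->y"),
        ("y", BROADCAST, "ARP who-has z"),
        ("z", "y", "ARP reply z"),
        ("y", "z", "ICMP echo request y->z"),
        ("z", "y", "ICMP echo reply z->y"),
    ]
    seen = []
    for src, dst, label in traffic:
        dst_mac = dst if dst == BROADCAST else macs[dst]
        out = sw.forward(port[src], macs[src], dst_mac)
        # x's NIC sees frames delivered to its port plus the ones it sends itself.
        if src == "x" or port["x"] in out:
            seen.append(label)
    return seen

if __name__ == "__main__":
    for mirror in (False, True):
        print("mirror port" if mirror else "plain switch", capture_on_x(mirror))
```

On the plain switch the capture still shows the broadcast ARP request for z, but none of the unicast frames between y and z.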
