Libraco
Reputation: 151
Why doesn't tcpdump catch packet after specifying ip?
when I usetcpdump -i eth0 -nn,you can see the packet from 192.168.19.101
(I don't have enough reputation to post a picture)
but when I specify ip,tpyetcpdump -i eth0 -nn host 192.168.19.101,tcpdump captured no packets but recieved some packets.
WHY?
Upvotes: 0
Views: 615
Answers (1)
user862787
Reputation:
OK, then it's an unfortunate consequence of the difficulty of handling VLAN encapsulation in BPF. VLAN packets captured on a "raw" interface (that supplies packets with their VLAN headers intact) aren't treated as IP packets, they're treated as VLAN packets, so you need to do "vlan and" to skip past the VLAN header.
Upvotes: 1
Related Questions
- How to resolve tcpdump dropped packets?
- tcpdump - resolve IP and skip resolving ports
- tcpdump / wireshark capturing problems
- about tcpdump option - Get IP and protocol name
- Why TCPDUMP shows Ethernet packet when querying TCP packet?
- Is it possible that packet captured by tcpdump, but lost in tcp kernel?
- Capturing on a non-default interface with tcpdump
- tcpdump inside a shell script captures nothing
- tcpdump always filters my packets
- tcpdump - ignore unkown host error