Reputation: 117
tcpdump shows vrrp traffic (proto 112) only if keepalived is run on the host
In our LAN we have several keepalived clasters (used different virtual_router_id of course) - all operating on multicast. The issue is that before installing and running keepalived on particular host I cannot sniff vrrp traffic by tcpdump:
- when I started keepalived - I see ALL vrrp multicast of this LAN
- when I stopped keepalived - tcpdump shows nothing in vrrp
Already checked firewalld, iptabels and sysctl net.ipv4.ip_nonlocal_bind - everything is OK. OS - RHEL 8.0
The need to see vrrp traffic before running keepalived is because we want to generate unique virtual_router_id before installing and running keepalived by checking what ids are already taken.
Upvotes: 0
Views: 3575
Answers (1)
Reputation: 11
- no run keepalived server: don't use -i any and -p,more information man tcpdump; when your's keepalived instance use auth_type AH,proto is ah not vrrp,so suggest you use
tcpdump -i eth0 net 224.0.0.0/8
or
tcpdump -i eth0 vrrp or ah
run keepalived server: you can execute ip maddress show dev eth0,you will find add some change
link 01:00:5e:00:00:12
inet 224.0.0.18
so nic run promiscuity mode you can still capture packets
Upvotes: 1
Related Questions
- recvfrom(2) receives UDP broadcast twice, but tcpdump(8) receives it only once
- tcpdump on monitor-mode interface - nothing captured
- tcp keepalive - Protocol not available?
- keepalived works well without iptables
- Why isn't tcpdump rotating save files?
- keepalived cannot receive multicast packet on bond(m=1) interface but tcpdump can result in keepalived both enter master
- KeepAlived + HAProxy gets connection refused after a while
- TCP, recv function hanging despite KEEPALIVE
- tcpdump: capture outgoing packets on virtual interfaces that has an unknown link type to libpcap?
- tcpdump on dd-wrt router