Re: Help with tcpdump query

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Dan Track wrote:
On 10/13/06, T. Horsnell <tsh@xxxxxxxxxxxxxxxxx> wrote:

>Hi
>
>Could someone please point out to me where I'm going wrong with the following:
>
>tcpdump -i eth0  not port 22 and not port 53 not ip proto icmp
>

According to my man pages, you need to escape the icmp keyword thus (for C-shell)

tcpdump -i eth0  not port 22 and not port 53 not ip proto \\icmp

It works for me.

To avoid the unresolvable ip addr, either aviod DSN lookups altogether
with -n , or include 'and not host xxx' where xxx is the ip address
you want to skip:

tcpdump -i eth0 not port 22 and not port 53 and not host xxx and not ip proto \\icmp

Cheers,
Terry.


>Additionally there's a client popping up that doesn't havea resolvable
>hostname how can I exclude it with tcpdump?
>
>Thanks in advance
>Dan



Hi

Thanks for the reply unforutnately I'm still getting the unresolvable error:

tcpdump -n -i eth0  not port 22 and not port 53 and not host
a72-246-55-1.deploy.akamaitechnologies.com and not ip proto \\icmp

tcpdump: unknown host 'a72-246-55-1.deploy.akamaitechnologies.com'

Any ideas?

Thanks
Dan

Use the resolver debugging tool "dig":
   dig a72-246-55-1.deploy.akamaitechnologies.com any
You will probably get "servfail".
You could go on to try
   dig @access.akamai.com. deploy.akamaitechnologies.com any +norecurse
What you will find is that a bunch of nameservers at akamai.com
are claimed to be nameservers for deploy.akamaitechnolgies.com,
but probably none of those (I only tried one) are actually servers
for deploy.akamaitechnologies.com.

Short answer: akamai.com. doesn't have their nameservers set up
to correctly serve the deploy.akamaitechnologies.com domain.
You will need to either delete that rule from your rule set, or use
the IP address instead.  (Of course, that doesn't answer the
question of how you find out the IP address if their nameservers
are not properly configured.  Perhaps you have a log entry or something
that identifies the IP address.)

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux