Re: f16: tcpdump not working for local_ip<-->local_ip packet on p3p1

Alain Spineux <aspineux@xxxxxxxxx> · Mon, 12 Dec 2011 21:23:28 +0100

it

On Mon, Dec 12, 2011 at 7:26 PM, Alain Spineux <aspineux@xxxxxxxxx> wrote:
> tcpdump works fine for connection from/to outside but don't display
> anything when using ethernet address
>
> [root@f16asx ~]# ifconfig -a
> lo        Link encap:Local Loopback
>          inet addr:127.0.0.1  Mask:255.0.0.0
>          inet6 addr: ::1/128 Scope:Host
>          UP LOOPBACK RUNNING  MTU:16436  Metric:1
>          RX packets:37237 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:37237 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:0
>          RX bytes:4561605 (4.3 MiB)  TX bytes:4561605 (4.3 MiB)
>
> p3p1      Link encap:Ethernet  HWaddr 00:0C:29:DC:02:F3
>          inet addr:192.168.23.32  Bcast:192.168.23.255  Mask:255.255.255.0
>          inet6 addr: 2001:6f8:3bc:23:20c:29ff:fedc:2f3/64 Scope:Global
>          inet6 addr: fe80::20c:29ff:fedc:2f3/64 Scope:Link
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:1352461 errors:1 dropped:176 overruns:0 frame:0
>          TX packets:1957281 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:142615102 (136.0 MiB)  TX bytes:758686762 (723.5 MiB)
>          Interrupt:18 Base address:0x2000
>
> [root@f16asx ~]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         192.168.23.254  0.0.0.0         UG    0      0        0 p3p1
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 p3p1
> 192.168.23.0    0.0.0.0         255.255.255.0   U     0      0        0 p3p1
>
> [root@f16asx ~]# tcpdump -n -i p3p1  port 6543
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on p3p1, link-type EN10MB (Ethernet), capture size 65535 bytes

It looks like the traffic goes trough "lo" instead of ethernet device !

[root@f16asx ~]# tcpdump -n -i lo port 6543

Show it as expected !

This has changed  ! Maybe kernel 3.1 ?

>
>
> From another console :
>
> [asx@f16asx nsweb]$ telnet 192.168.23.32  6543
> Trying 192.168.23.32...
> Connected to 192.168.23.32.
> Escape character is '^]'.
> foo
> <head>
> <title>Error response</title>
> </head>
> <body>
> <h1>Error response</h1>
> <p>Error code 400.
> <p>Message: Bad request syntax ('foo').
> <p>Error code explanation: 400 = Bad request syntax or unsupported method.
> </body>
> Connection closed by foreign host.
>
> If I do the same from another host on the local network or if I try to
> connect to another host or if I use "lo" the loopback and 127.0.0.1
> instead , I can see the traffic !
>
> It look like pcap don't want to capture packet that stay inside the
> the host, except for "lo".
>
> I have no FW rules and SELinux is disabled !
>
> Any idea ?
>
>
>
>
>
>
> --
> Alain Spineux                   |  aspineux gmail com
> Monitor your iT & Backups |  http://www.magikmon.com
> Free Backup front-end       | http://www.magikmon.com/mksbackup
> Your email 100% available |  http://www.emailgency.com

-- 
Alain Spineux                   |  aspineux gmail com
Monitor your iT & Backups |  http://www.magikmon.com
Free Backup front-end       | http://www.magikmon.com/mksbackup
Your email 100% available |  http://www.emailgency.com
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org