There seems to be a very strange bug either in tcpdump or Linux networking code. There's a host having three eth interfaces. eth2 is on a smb network with misc Windows (95/98/NT) boxes. When I run "tcpdump -i eth2" it works OK for a while but then tcpdump reports a large (usually 65535 bytes ie. max size) NetBeui packet in the beginning of which is usually some normal NetBeui data and the rest of which (after some 4kb or so) seems to be raw data (well, I think it is) from my hard disk (parts of files in /etc). After displaying this tcpdump usually segfaults, but not every time. One example packet, in the beginning of which is a part of a web page an other guy was reading on a windows box (so it's not normal NetBeui data, I think), can be found at http://www.viloke.fi/tcpdump/. I suppose that there's no such strange packets really going on the network but tcpdump/Linux messes it up locally. I'll confirm this tomorrow by taking another Linux box and sniffing the network with it, too (let's hope it won't crash...). My system: eth0 and eth1: 3c905C Tornado eth2 ethernetcard: SMC-Ultra Linux 2.2.17 (from Debian sources) tcpdump: 3.4a6 (from Debian) and 3.15 (from www.tcpdump.org) libpcap: 0.4a6 If there's any more information I may give, please mail me. Panu Hällfors -- Panu Hällfors | Internet Application Developer, Viloke Oy panu.hallfors@viloke.fi | http://www.viloke.fi - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu
