lf1 is transmitting this packet over and over, but with different MAC addresses. The rest should be the same as the snippet below pulled from Ethereal. (I'm testing traffic generator code.): 0000 00 30 71 88 c8 38 00 48 54 85 2f b8 08 00 45 00 .0q..8.H T./...E. 0010 00 34 7e 91 40 00 40 06 2a 7a 18 09 70 c2 cf d4 .4~.@.@. *z..p... 0020 39 19 08 64 11 5c 79 c4 d3 47 46 fa df 96 80 10 9..d.\y. .GF..... 0030 7c 70 23 57 00 00 01 01 08 0a 17 df 04 dd 09 3a |p#W.... .......: 0040 91 e9 .. However, when I snoop with tcpdump on lf1, it shows a wierd protocol in the ethernet packet, as far as I can tell. I would expect to see a very similar decode to the one on the receiving machine.: 08:21:35.538397 > 0:0:0:0:0:0 0:c0:95:e2:4c:c 0003 66: sap 00 > sap 45 I (s=0,r=26,P) len=48 7e91 4000 4006 2a7a 1809 70c2 cfd4 3919 0864 115c 79c4 d347 46fa df96 8010 7c70 2357 0000 0101 080a 17df 04dd 093a 91e9 4500 0034 7e91 4000 4006 2a7a 1809 70c2 cfd4 3919 0864 115c 79c4 d347 46fa df96 8010 7c70 2357 0000 0101 080a 17df 04dd 093a 91e9 The receiving machine, lf4, seems to decode the packet fine though: 17:23:48.518817 < 0:c0:95:e2:4c:c 0:0:0:0:0:1 0800 66: 24.9.112.194.2148 > 207.212.57.25.4444: . 0:0(0) ack 1 win 31856 <nop,nop,timestamp 400491741 154833385> (DF) 4500 0034 7e91 4000 4006 2a7a 1809 70c2 cfd4 3919 0864 115c 79c4 d347 46fa df96 8010 7c70 2357 0000 0101 080a 17df 04dd 093a 91e9 lf1's ethernet card is a ZYNX tulip, which is acting a little funny, but seems to be passing traffic ok in most cases. lf4's ethernet card is an Intel eepro, and I have no obvious problems with it. I'm running RH 7.1 with the 2.4.5-pre3 kernel. To grab the captures, I'm using this command: tcpdump -nnex -p -i eth3 Are these normal traces to see? Thanks, Ben -- Ben Greear <greearb@candelatech.com> <Ben_Greear@excite.com> President of Candela Technologies Inc http://www.candelatech.com ScryMUD: http://scry.wanfear.com http://scry.wanfear.com/~greear - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
