Snort mailing list archives

Re: [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic


From: Jon Hart <jhart () spoofed org>
Date: Thu, 6 Dec 2007 11:48:10 -0800

On Thu, Dec 06, 2007 at 06:22:41PM +0100, Jordi Espasa Clofent wrote:

<snip>

> To check the re-injection process I quit the ethernet wire and launch a
> tcpdump instance at the same time I launch the step number 2; I think the
> tcpdump should show traffic, so it's completely localhost traffic.
>
> $ tcpdump -i vr0 -v

The difference between your command and Marty's is that yours lacks
a '-n', so your host is trying like mad to resolve the IP addresses
passing on vr0.  If my speculation is correct, if you let that command
run long enough, you'll eventually see output.  I basically never run
tcpdump without a -n.

-jon
