the capture layer about tcpdump,more info

[叶铮 <yezheng62155 () huawei com>]

 <mailto:germylure () huawei com> Hello ,everyone, I need your help! 
 
      I am a freshman on tcpdump, I have a problem about it, I try to
capture the Trafic Control Frame(2nd layer ,the Pause Frame,which used to
tell the Switch pause Transmitting frames to the host, because the host RX
buffer is near full).
      The Pause Frame ethertype is 0x8808 , but I have never capture one
Pause packet successfully, why ? I want to know which layer the tcpdump
works ? ethernet ,IP or TCP/UDP ?  thank you 
 
   
     additional info : NIC chip info
      
     The minimum size frame is 512 bits or 64 bytes (see Figure 122). MAC
control frames must pad zeros into the unused portion of the payload. A flow
control frame contains the following fields:
*    Destination address field, set to 01-80-C2-00-00-01
*    Source address field set to unique MAC address of sender
*    LL/Type field set to the 802_3_MAC_CONTROL value, set to 88-08
*    MAC control pause opcode (00-01), pause_time, and reserved field
(zeros)
 
 
ifInDiscards , is the register  corresponding to the value of drop ,included
ifconfig
         The number of inbound packets which were chosen to be discarded
even though no error has been detected to prevent their being deliverable to
a higher-layer protocol.
 
         As soon as PAUSE frame is transmitted, any incoming packet can be
dropped, and the ifInDiscard counter in statistics will increase. When
packet size is small(64 bytes)with 1000 Mbps, more frames can be dropped.
Even if the PAUSE frame is transmitted, Pause frames cannot inhibit MAC
control frames.
 
 
 
    
    The tcpdump cammands
     
    Inter-|   Receive                                                |
Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes
packets errs drop fifo colls carrier compressed
    lo: 2976877   22027    0    0    0     0          0         0  2976877
22027    0    0    0     0       0          0
  eth0: 1099786   15001    0    0    0     0          0       188      492
6    0    0    0     0       0          0
  eth1:       0       0    0    0    0     0          0         0        0
0    0    0    0     0       0          0
  eth2:4131877398 272624939    0 822369    0 49635          0       969
897656101 176383392    0    0    0     0       0          0 
 

f0s1:/opt # tcpdump -i eth2 ether proto 0x8808
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
 
 
      
   thanks !
Alex   
 

叶铮
华为技术有限公司 huawei_logo 


地址：深圳市龙岗区坂田华为基地 邮编：518129
0755 89652559
15989484730
yezheng62155 () hauwei com
http://www.huawei.com
----------------------------------------------------------------------------
---------------------------------------------------------
本邮件及其附件含有华为公司的保密信息，仅限于发送给上面地址中列出的个人或群
组。禁
止任何其他人以任何形式使用（包括但不限于全部或部分地泄露、复制、或散发）本邮
件中
的信息。如果您错收了本邮件，请您立即电话或邮件通知发件人并删除本邮件！
This e-mail and its attachments contain confidential information from
HUAWEI, which 
is intended only for the person or entity whose address is listed above. Any
use of the 
information contained herein in any way (including, but not limited to,
total or partial 
disclosure, reproduction, or dissemination) by persons other than the
intended 
recipient(s) is prohibited. If you receive this e-mail in error, please
notify the sender by 
phone or email immediately and delete it!