tcpdump mailing list archives
capturing packets with identical MAC for source and destination
From: "Lentes, Bernd" <bernd.lentes () helmholtz-muenchen de>
Date: Tue, 3 Sep 2013 15:44:05 +0200
Hi, currently we are expierencing bad network performance. And in the log of a linux-server i have a lot of these messages: Sep 2 10:16:08 pc60181 kernel: [4286760.823563] br0: received packet on eth0 with own address as source address Sep 2 10:16:08 pc60181 kernel: [4286760.823680] br0: received packet on eth0 with own address as source address Sep 2 10:16:08 pc60181 kernel: [4286760.823770] br0: received packet on eth0 with own address as source address Sep 2 10:16:08 pc60181 kernel: [4286760.823861] br0: received packet on eth0 with own address as source address Sep 2 10:16:08 pc60181 kernel: [4286760.823992] br0: received packet on eth0 with own address as source address Sep 2 10:16:08 pc60181 kernel: [4286760.824130] br0: received packet on eth0 with own address as source address I'd like to capture all packets which have the same MAC-address for sender and destination. But i don't know the MAC which is causing these messages. So i have to use an universal filter. I tried to use "tcpdump 'ether[8:6] = ether[14:6]'". Beginning with byte 8 is the destination MAC and beginning with byte 14 is the source MAC. And each MAC has the size of 6 bytes. But i got this message: "tcpdump: data size must be 1, 2, or 4". Is there a way to capture the desired 6 bytes ? Thanks for any help. Bernd -- Bernd Lentes Systemadministration Institut für Entwicklungsgenetik Gebäude 35.34 - Raum 208 HelmholtzZentrum münchen bernd.lentes () helmholtz-muenchen de phone: +49 89 3187 1241 fax: +49 89 3187 2294 http://www.helmholtz-muenchen.de/idg Wie kann man etwas beherrschen ohne zu lernen ? Wie kann man etwas lernen ohne Fehler zu machen ? Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH) Ingolstädter Landstr. 1 85764 Neuherberg www.helmholtz-muenchen.de Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe Geschäftsführer: Prof. Dr. Günther Wess Dr. Nikolaus Blum Dr. Alfons Enhsen Registergericht: Amtsgericht München HRB 6466 USt-IdNr: DE 129521671 _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- capturing packets with identical MAC for source and destination Lentes, Bernd (Sep 03)
- Re: capturing packets with identical MAC for source and destination Gisle Vanem (Sep 03)
- Re: capturing packets with identical MAC for source and destination Lentes, Bernd (Sep 03)
- Re: capturing packets with identical MAC for sourceand destination David Laight (Sep 03)
- Re: capturing packets with identical MAC for source and destination Gisle Vanem (Sep 03)