tcpdump mailing list archives
Re: ntopng & packet filter of libpcap
From: Guy Harris <guy () alum mit edu>
Date: Fri, 23 Jan 2015 19:10:43 -0800
On Jan 23, 2015, at 6:19 PM, Gerhard Mourani <gmourani () gmail com> wrote:
> All packets received come from sFlow protocol activated on remote switches (3 switches on the LAN). Even if I change IP 192.168.2.10 for 192.168.2.209, which is the one used by the machine where the program runs, in order to exclude statistics from this IP (192.168.2.209), I still see it on the list. So I try to exclude the IP of the probe itself and it still appears in the result!
What happens if you run tcpdump on the network, with the same filter? Do the packets show up in the tcpdump output? If so, what happens if you run tcpdump with the -xx (two x's) flag? Do the hex dumps show packets with c0a8 020a at an offset of 26 or 30 into the packet? (I.e., does it show packets with the outermost IP source or destination address being 192.168.2.10?)
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
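The offset check asked about above, as an added example that is not part of the original message: it reads the outermost IPv4 source and destination at offsets 26 and 30 of an untagged Ethernet frame and lists every offset where a given address occurs. The frame is constructed; the switch address 192.168.2.1, UDP port 6343 and the payload (a placeholder, not real sFlow encoding) are assumptions.

```python
import ipaddress
import struct

ETH_LEN = 14  # untagged Ethernet II header: IPv4 src lands at 26, dst at 30

def outer_ipv4_addrs(frame: bytes):
    """(src, dst) of the outermost IPv4 header, or None when the frame is not
    untagged Ethernet II + IPv4 (e.g. VLAN-tagged, so 26/30 do not apply)."""
    if len(frame) < ETH_LEN + 20:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800 or frame[ETH_LEN] >> 4 != 4:
        return None
    return (str(ipaddress.IPv4Address(frame[26:30])),
            str(ipaddress.IPv4Address(frame[30:34])))

def addr_offsets(frame: bytes, ip: str):
    """Every byte offset at which the 4-byte address occurs in the frame."""
    needle = ipaddress.IPv4Address(ip).packed
    hits, pos = [], frame.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = frame.find(needle, pos + 1)
    return hits

def outer_host_match(frame: bytes, ip: str) -> bool:
    """True only if ip is the outermost IPv4 source or destination."""
    addrs = outer_ipv4_addrs(frame)
    return addrs is not None and ip in addrs

def build_frame(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/UDP frame; checksums are left at zero."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17,
                     0, ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    udp = struct.pack("!HHHH", 6343, 6343, 8 + len(payload), 0)
    return eth + ip + udp + payload

# Constructed sample: datagram from a switch to the collector whose payload
# happens to carry 192.168.2.10 (placeholder bytes, not real sFlow encoding).
SAMPLE = build_frame("192.168.2.1", "192.168.2.209",
                     bytes(8) + ipaddress.IPv4Address("192.168.2.10").packed)

if __name__ == "__main__":
    print("outer addresses:", outer_ipv4_addrs(SAMPLE))
    print("c0a8 020a found at offsets:", addr_offsets(SAMPLE, "192.168.2.10"))
    print("outer header match:", outer_host_match(SAMPLE, "192.168.2.10"))
```

In the constructed frame the address occurs only at offset 50, inside the UDP payload, so it is neither the outermost source nor the outermost destination.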