tcpdump mailing list archives
Re: odd issue with Linux VLAN interface
From: Denis Ovsienko <denis () ovsienko info>
Date: Wed, 28 Jan 2015 08:26:35 +0000
---- On Wed, 28 Jan 2015 01:20:26 +0000 Michael Richardson wrote ----
> Denis Ovsienko <denis () ovsienko info> wrote:
>> The host has an Ethernet interface with only an IPv6 link-local address (eth0). On top of it there is a VLAN interface with VID 75 (eth0.75), IPv6 link-local address and IPv4 address 10.0.75.254/24. The difference is, when tcpdump runs with "-i eth0.75", it works as expected and displays ARP and, for instance, UDP from/to the network 10.0.75.0/24. When run with "-i eth0", it displays only TCP from/to network 10.0.75.0. This looks wrong in two ways as the tagged packets should not appear on the bearing interface in the first place and even if they appear there the filter should exclude them, but instead of this it excludes all the other packets.
>
> Tagged packets do appear, and if you add -e, you'll see the entire tag there too. At this point, it's hard to get the behaviour I think you want from the pcap compiler, which is to filter the traffic within the VLAN from the bearer. (I think that showing the tcp packets might be a fluke)

You are right:

    root@homepc:~# tcpdump -pni eth0 -e not tcp
    08:09:56.529239 00:0f:ea:18:f6:23 > d4:ca:6d:72:b1:da, ethertype 802.1Q (0x8100), length 58: vlan 75, p 0, ethertype IPv4, 109.74.202.168.6633 > 10.0.75.2.55847: Flags [R.], seq 0, ack 1992001615, win 0, length 0

Of course, "not ethertype ip and ip proto tcp" does not match and the right way to do this filtering on this interface is to filter by "vlan and not tcp" (just checked, works). Thus the behaviour is the same as it used to be for years, both on tcpdump side and on Linux side. It must be the odd timing that kept me thinking the BPF filter had somewhere flipped to do the opposite from its normal job, I had checked several times before posting.

Thank you for help, Guy and Michael.

--
Denis Ovsienko
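The offset behaviour discussed in this message, as an added example that is not part of the original post and is not libpcap code. It models only the IPv4 branch of the "tcp" primitive with fixed byte offsets; the function names and the frame builder are hypothetical, and the frames are constructed sample data using the addresses from the capture line above.

```python
import struct

ETH_P_IP, ETH_P_8021Q, IPPROTO_TCP = 0x0800, 0x8100, 6

def frame(vid=None, proto=IPPROTO_TCP):
    """Constructed Ethernet frame with a bare IPv4 header, optionally 802.1Q-tagged."""
    macs = bytes.fromhex("d4ca6d72b1da" "000fea18f623")  # dst MAC, then src MAC
    tag = b"" if vid is None else struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     bytes([109, 74, 202, 168]), bytes([10, 0, 75, 2]))
    return macs + tag + struct.pack("!H", ETH_P_IP) + ip

def match_tcp(pkt, off=0):
    """Simplified 'tcp': EtherType at 12+off is IPv4 and IP protocol at 23+off is 6."""
    (etype,) = struct.unpack_from("!H", pkt, 12 + off)
    return etype == ETH_P_IP and pkt[23 + off] == IPPROTO_TCP

def match_vlan(pkt):
    """'vlan': the EtherType field at offset 12 carries the 802.1Q TPID."""
    (etype,) = struct.unpack_from("!H", pkt, 12)
    return etype == ETH_P_8021Q

def not_tcp(pkt):
    """'not tcp' on the bearer interface: offsets assume an untagged frame."""
    return not match_tcp(pkt)

def vlan_and_not_tcp(pkt):
    """'vlan and not tcp': after 'vlan', later primitives read 4 bytes further in."""
    return match_vlan(pkt) and not match_tcp(pkt, off=4)

if __name__ == "__main__":
    cases = [("untagged TCP", frame()),
             ("vlan 75 TCP", frame(75)),
             ("vlan 75 UDP", frame(75, 17))]
    for name, pkt in cases:
        print(f"{name:13} not tcp={not_tcp(pkt)!s:5} "
              f"vlan and not tcp={vlan_and_not_tcp(pkt)}")
```

The tagged TCP frame passes "not tcp" because the field read as EtherType holds 0x8100, so the IPv4 test fails before the protocol byte is ever compared; a capture filter written for untagged traffic on a trunk or bearer interface therefore classifies every tagged frame as "not IP".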