tcpdump mailing list archives

Re: Problem about host addresses to names


From: Guy Harris <guy () alum mit edu>
Date: Mon, 26 Jun 2017 14:58:37 -0700

On Jun 26, 2017, at 12:45 AM, Zheng, Ruoqin <zhengrq.fnst () cn fujitsu com> wrote:

  The case is like this: I configured my NIC with a VLAN subnet as:
  #ifconfig
  eth0.100  Link encap:Ethernet  HWaddr 00:04:9f:04:b0:04
         inet addr:192.168.255.1  Bcast:192.168.255.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

  And I test it with ping: ping -q -c 50 -I eth0.100 192.168.255.2&
tcpdump -c 10 -ex -i eth0 ether broadcast

  The problem is that tcpdump can’t capture the packet with the VLAN tag

What does

        tcpdump -d -i eth0 ether broadcast

print?

  But when I add the option -n:
tcpdump -n -c 10 -ex -i eth0 ether broadcast
  tcpdump can capture the packet with the VLAN tag
    00:59:40.485131 00:04:9f:04:b0:04 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 100, p 0, ethertype ARP, Request who-has 192.168.255.2
       0x0000:  0064 0806 0001 0800 0604 0001 0004 9f04
       0x0010:  b004 c0a8 ff01 0000 0000 0000 c0a8 ff02

  I don’t know how this can happen, does anyone know the reason?

What does

        tcpdump -n -d -i eth0 ether broadcast

print?

By the way, in the manual of tcpdump, it says
  -n     Don't convert host addresses to names.  This can be used to avoid DNS lookups.
  How should I understand it?

It means that, when printing packet data, tcpdump won't convert host IPv4, IPv6, MAC, and some other addresses to 
names, so, for example, it'd print "192.168.17.2" rather than "example.com" as a source or destination IPv4 address.

That shouldn't affect the generated filter code, which is what tcpdump prints when you run it with "-d".  That filter 
code should control what packets tcpdump sees or doesn't see.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
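
An added example, not part of the original message or of tcpdump itself: it rebuilds the frame from the "-e -x" output quoted above (with -e the Ethernet header is on the summary line, and -x dumps the bytes after it) and decodes the 802.1Q tag and ARP request, checking the destination address that "ether broadcast" tests. The function names are hypothetical.

```python
import struct

# Values copied from the tcpdump output quoted in the message.
DST = "ff:ff:ff:ff:ff:ff"
SRC = "00:04:9f:04:b0:04"
OUTER_ETHERTYPE = 0x8100
HEX_DUMP = """
0x0000:  0064 0806 0001 0800 0604 0001 0004 9f04
0x0010:  b004 c0a8 ff01 0000 0000 0000 c0a8 ff02
"""

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def dump_bytes(dump):
    """Turn '0xNNNN:  hhhh hhhh ...' lines back into raw bytes."""
    out = bytearray()
    for line in dump.strip().splitlines():
        out += bytes.fromhex(line.split(":", 1)[1].replace(" ", ""))
    return bytes(out)

def rebuild_frame():
    """Ethernet header from the summary line plus the dumped bytes."""
    header = mac_bytes(DST) + mac_bytes(SRC) + struct.pack("!H", OUTER_ETHERTYPE)
    return header + dump_bytes(HEX_DUMP)

def is_ether_broadcast(frame):
    # The destination MAC is the first six bytes, ahead of any VLAN tag.
    return frame[:6] == b"\xff" * 6

def decode(frame):
    info = {"broadcast": is_ether_broadcast(frame)}
    if len(frame) < 18:
        return info
    outer, tci, inner = struct.unpack("!HHH", frame[12:18])
    info["outer_ethertype"] = outer
    if outer != 0x8100:          # not 802.1Q tagged
        return info
    info.update(vlan=tci & 0x0FFF, priority=tci >> 13, inner_ethertype=inner)
    if inner == 0x0806 and len(frame) >= 18 + 28:   # ARP over Ethernet/IPv4
        op = struct.unpack("!H", frame[24:26])[0]
        sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[26:46])
        info.update(arp_op=op, sender_mac=sha.hex(":"),
                    sender_ip=".".join(map(str, spa)),
                    target_ip=".".join(map(str, tpa)))
    return info

if __name__ == "__main__":
    print(decode(rebuild_frame()))
```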
