Bugtraq mailing list archives

Re: tcpdump under RedHat 6.1


From: jcomeau () DIALTONEINTERNET NET (John Comeau)
Date: Mon, 17 Jan 2000 22:33:55 -0500


Another nice gotcha is that -p now means the opposite of its old
behavior (and what its manpage still reads): rather than disabling
promiscuous mode, it now enables same (default is now nonpromiscuous -
all you'll see is your own traffic plus broadcast and multicast) - jc

Renaud Deraison wrote:

RedHat 6.1 comes bundled with a modified version of tcpdump, which has
the ability to listen on all the interfaces at once, which is nice.

However, the output format has changed. Whereas a typical tcpdump
line was :

time source.port > dest.port:[.....]

It is now :

time interface > source.port > dest.port:[....]
or
time interface < source.port > dest.port:[....]

If you explicitly ask tcpdump to listen on one interface, the
output will be :

time > source.port > dest.port:[....]
or
time < source.port > dest.port:[....]

Also, the 'port' is no longer a numeric value. It is taken from
/etc/services, even with the -n option set.

This new behavior will make a lot of programs that use tcpdump's
output panic or produce bogus output. I think shadow is affected,
but it's not the only one.

I have been looking through the man page, and I could not find an option
to issue a backward compatible output. What is worse is that
tcpdump --version will show up the same version numbers (3.4) as
the older tcpdumps, so this problem will only be detected at runtime.

So, if you have written your own custom scripts or if some of the programs
you use are relying on tcpdump, then install the tcpdump that comes
bundled with RH 6.0, or modify your scripts so that they can handle this
modification.

                                -- Renaud

(apologies if this was already known)

--
Renaud Deraison
The Nessus Project
http://www.nessus.org

--
John Comeau - Chief Operating Officer
Dialtone Internet - Extremely Fast Web Systems
954-581-0097  fax://954-581-7629
jcomeau () dialtoneinternet net
http://www.dialtoneinternet.net
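
Added example, not part of either post: a Python parser that accepts both the classic line layout and the three RedHat 6.1 layouts quoted above, and maps service names back to port numbers. The sample lines, the SERVICES table and all function names are constructed for illustration; a real script would load /etc/services.

```python
import re

# Constructed subset of /etc/services, used to undo the name substitution.
SERVICES = {"www": 80, "telnet": 23, "domain": 53}

# Optional "[interface] <|>" prefix (RedHat 6.1), then "src > dst:".
LINE = re.compile(
    r"^(?P<time>\S+)\s+"
    r"(?:(?P<iface>[A-Za-z][\w.-]*)?\s*(?P<dir>[<>])\s+)?"
    r"(?P<src>\S+)\s+>\s+(?P<dst>[^\s:]+):"
)

def split_endpoint(endpoint, services=SERVICES):
    """Split 'host.port'; the port may be numeric or a service name."""
    host, _, port = endpoint.rpartition(".")
    if not host:
        raise ValueError(f"no port in endpoint {endpoint!r}")
    if port.isdigit():
        return host, int(port)
    if port in services:
        return host, services[port]
    # Fail loudly instead of passing a bogus port downstream.
    raise ValueError(f"unknown service name {port!r}")

def parse_line(line, services=SERVICES):
    """Return a dict for any of the four layouts, or None if no match."""
    m = LINE.match(line)
    if m is None:
        return None
    return {
        "time": m["time"],
        # The version string is the same, so detect the variant per line.
        "format": "rh61" if m["dir"] else "classic",
        "iface": m["iface"],          # None unless listening on all interfaces
        "marker": m["dir"],           # raw '<' or '>' as printed, or None
        "src": split_endpoint(m["src"], services),
        "dst": split_endpoint(m["dst"], services),
    }

# Constructed sample lines, one per layout described in the thread.
SAMPLES = [
    "22:33:55.000001 10.0.0.1.1042 > 10.0.0.2.80: S 1:1(0) win 512",
    "22:33:55.000002 eth0 > 10.0.0.1.1042 > 10.0.0.2.www: S 1:1(0) win 512",
    "22:33:55.000003 eth0 < 10.0.0.2.www > 10.0.0.1.1042: S 2:2(0) ack 2",
    "22:33:55.000004 > 10.0.0.1.1043 > 10.0.0.2.telnet: S 3:3(0) win 512",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```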


