multicast & icmp packet printing

[Larry Platzek <larryp () inow com>]

Hi
If this is wrong place to ask this question please tell me the right
place. I had asked on a different list and was told try here.

tcpdump running
     with multicasts only coming in the active-filter idle
time out works!
     with multicast and pings and ping replies coming in active-filter
           never idle timeout occurs.
ping       = icmp: echo request
ping reply = icmp: echo reply

I have tried expressions on tcpdump to show only the ping and ping
reply, and have had multicast only work.

tcpdump -i ppp0 'icmp[0] = 8 or icmp[0] = 0 '
does show icmp: echo request and icmp: echo reply packets.

tcpdump -i ppp0 'ether[0] & 1 != 0'
This shows the multicast packets.
tcpdump -i ppp0 'ether[0] & 1 != 0 or icmp[0] =8 or icmp[0] = 0 '
only shows the ping request and ping reply packets
so what happened to the multicast packets?

I need what ever expression used in tcpdump to see the
multicast packets and icmp echo request and echo reply
to place on a pppd active-filter statement.

Thank You very much!

Larry Platzek  lplatzek () users sourceforge net


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe