Re: multicast & icmp packet printing

[Larry Platzek <larryp () inow com>]

Hi Guy;
On Fri, 21 Mar 2003, Guy Harris wrote:

> Date: Fri, 21 Mar 2003 22:25:23 -0800
> From: Guy Harris <guy () alum mit edu>
> To: Larry Platzek <larryp () inow com>
> Cc: tcpdump-workers () tcpdump org
> Subject: Re: [tcpdump-workers] multicast & icmp packet printing
>
> On Wed, Mar 19, 2003 at 02:44:23PM -0800, Larry Platzek wrote:
> > tcpdump -i ppp0 'ether[0] & 1 != 0'
> > This shows the multicast packets.
>
> ppp0?  What's the definition of a "multicast packet" over PPP?
Not really sure but anything from 224.???.???.???.
> > tcpdump -i ppp0 'ether[0] & 1 != 0 or icmp[0] =8 or icmp[0] = 0 '
> > only shows the ping request and ping reply packets
> > so what happened to the multicast packets?
>
> Did any multicast packets arrive on that interface while you were
> running tcpdump?  I tried it with both the FreeBSD tcpdump 3.4/libpcap
> 0.4 and the current CVS versions of libpcap and tcpdump, reading from a
> capture that contained multicast packets, and it worked.
I would think multicast packets did. I have retried looking at data with
tcpdump.

I have included an attachment, a small tcpdump log file.
I have a ping every 55 seconds to vader.inow.com (198.144.96.11) from a
machine in my test network 192.168.1.254
66.42.3.83 was my IP number at that time, from my isp dynamic pool.

Sorry for the delay in replying, have had health problems to deal with!

> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Larry Platzek  larryp () inow com

Attachment: tcpdmp2.log
Description: