tcpdump mailing list archives
Odd behaviour under Linux 2.6.21
From: James Healy <jhealy () swin edu au>
Date: Fri, 06 Jul 2007 13:30:11 +1000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We've encountered some odd behaviour with tcpdump/libpcap under Linux 2.6.21 (debian etch) and are hoping that others might be able to shed some light on it for us. The following 2 pcap files are from 2 hosts involved in a short scp transmission: http://caia.swin.edu.au/urp/newtcp/files/scp-sender-2.6.21.dmp http://caia.swin.edu.au/urp/newtcp/files/scp-receiver-2.6.21.dmp The hosts are connected via a crossover cable and are using gigabit Intel cards. Jumbo frames are not enabled. The sender pcap file indicates that some packets that went out were
1500 bytes in size, however the receiver side says that packets with
the same IP ID were exactly 1500 bytes long. At first we thought the packets were being truncated, but when we review the files using tcpdump's -X option, it appears that the packets are being fragmented and the sender side instance of tcpdump/libpcap is unaware of it. The third pcap file is from the sender side of a SCP transfer with the same setup but under a 2.6.12 kernel (a Knoppix 4.0.2 live cd). It records all outgoing packets as <= 1500 bytes as expected: http://caia.swin.edu.au/urp/newtcp/files/scp-sender-2.6.12.dmp Any tips? This one has us stumped! James Healy Centre for Advanced Internet Architectures Swinburne University -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGjbdD4oawkrbYo/kRAvOwAJ9tPO5AMI6eVHPi+bvD/67BJq6CAgCghjFH IyxS/eMg5zsHFClze+SXtYk= =eiZf -----END PGP SIGNATURE----- Swinburne University of Technology CRICOS Provider Code: 00111D NOTICE This e-mail and any attachments are confidential and intended only for the use of the addressee. They may contain information that is privileged or protected by copyright. If you are not the intended recipient, any dissemination, distribution, printing, copying or use is strictly prohibited. The University does not warrant that this e-mail and any attachments are secure and there is also a risk that it may be corrupted in transmission. It is your responsibility to check any attachments for viruses or defects before opening them. If you have received this transmission in error, please contact us on +61 3 9214 8000 and delete it immediately from your system. We do not accept liability in connection with computer virus, data corruption, delay, interruption, unauthorised access or unauthorised amendment. Please consider the environment before printing this email. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Odd behaviour under Linux 2.6.21 James Healy (Jul 05)
- Re: Odd behaviour under Linux 2.6.21 James Healy (Jul 05)
- Re: Odd behaviour under Linux 2.6.21 Gianluca Varenni (Jul 05)
- Re: Odd behaviour under Linux 2.6.21 James Healy (Jul 06)
- Re: Odd behaviour under Linux 2.6.21 Gianluca Varenni (Jul 05)
- Re: Odd behaviour under Linux 2.6.21 James Healy (Jul 05)