tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: tcpdump not giving details

From: Guy Harris <guy () alum mit edu>
Date: Sat, 25 Sep 2010 14:43:08 -0700

On Sep 25, 2010, at 6:44 AM, Nigel Kent wrote:


Why does tcpdump not give my more details? Each time it only comes as  - 16:22:26.128541 [|ether]

# ./tcpdump -vv not port 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:22:26.128541 [|ether]
16:22:26.128541 [|ether]
16:22:26.128541 [|ether]
16:22:26.128541 [|ether]
16:22:26.128541 [|ether]


Because, for some reason, the packet data it's getting is less than 14 bytes long.

What version of libpcap and tcpdump is this?  (Run "tcpdump -h" to get the version information.)

What OS is this?  (Probably Linux, given the interface name "eth0".)  What version of the OS is that?  (For Linux, give 
the kernel version.)

What type of interface is eth0?  Is it an Ethernet interface or some interface that the OS is saying looks like an 
Ethernet but that really isn't?-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: