netdev


To: "netdev@xxxxxxxxxxx" <netdev@xxxxxxxxxxx>
Subject: [Fwd: Question on tcpdump & funny looking packets sent with packet-sockets.]
From: Ben Greear <greearb@xxxxxxxxxxxxxxx>
Date: Thu, 24 May 2001 07:51:47 -0700
Organization: Candela Technologies
Sender: owner-netdev@xxxxxxxxxxx
Ben Greear wrote:
> 
> lf1 is transmitting this packet over and over, but with different
> MAC addresses.  The rest should be the same as the snippet
> below pulled from Ethereal. (I'm testing traffic generator code.):
> 
> 0000  00 30 71 88 c8 38 00 48  54 85 2f b8 08 00 45 00   .0q..8.H T./...E.
> 0010  00 34 7e 91 40 00 40 06  2a 7a 18 09 70 c2 cf d4   .4~.@.@. *z..p...
> 0020  39 19 08 64 11 5c 79 c4  d3 47 46 fa df 96 80 10   9..d.\y. .GF.....
> 0030  7c 70 23 57 00 00 01 01  08 0a 17 df 04 dd 09 3a   |p#W.... .......:
> 0040  91 e9                                              ..
> 
> However, when I snoop with tcpdump on lf1, it shows a weird protocol in the
> ethernet packet, as far as I can tell.  I would expect to see a very similar
> decode to the one on the receiving machine.:
> 
> 08:21:35.538397 > 0:0:0:0:0:0 0:c0:95:e2:4c:c 0003 66: sap 00 > sap 45 I (s=0,r=26,P) len=48
>                          7e91 4000 4006 2a7a 1809 70c2 cfd4 3919
>                          0864 115c 79c4 d347 46fa df96 8010 7c70
>                          2357 0000 0101 080a 17df 04dd 093a 91e9
>                          4500 0034 7e91 4000 4006 2a7a 1809 70c2
>                          cfd4 3919 0864 115c 79c4 d347 46fa df96
>                          8010 7c70 2357 0000 0101 080a 17df 04dd
>                          093a 91e9
> 
> The receiving machine, lf4, seems to decode the packet fine though:
> 
> 17:23:48.518817 < 0:c0:95:e2:4c:c 0:0:0:0:0:1 0800 66: 24.9.112.194.2148 > 207.212.57.25.4444: . 0:0(0) ack 1 win 31856 <nop,nop,timestamp 400491741 154833385> (DF)
>                          4500 0034 7e91 4000 4006 2a7a 1809 70c2
>                          cfd4 3919 0864 115c 79c4 d347 46fa df96
>                          8010 7c70 2357 0000 0101 080a 17df 04dd
>                          093a 91e9
> 
> lf1's ethernet card is a ZYNX tulip, which is acting a little funny, but
> seems to be passing traffic ok in most cases.
> 
> lf4's ethernet card is an Intel eepro, and I have no obvious problems with it.
> 
> I'm running RH 7.1 with the 2.4.5-pre3 kernel.
> 
> To grab the captures, I'm using this command:
> tcpdump -nnex -p -i eth3
> 
> Are these normal traces to see?
> 
> Thanks,
> Ben

-- 
Ben Greear <greearb@xxxxxxxxxxxxxxx>          <Ben_Greear@xxxxxxxxxx>
President of Candela Technologies Inc      http://www.candelatech.com
ScryMUD:  http://scry.wanfear.com     http://scry.wanfear.com/~greear
