Thread starter: coralonland

Help: tcpdump cannot capture packets

Posted on 2011-06-03 10:00
I suspect tcpdump has a problem capturing and handling logical interfaces.
Could you try capturing the raw data on the eth0 physical device instead? ...
platinum, posted on 2011-06-02 10:41


The configuration is as follows:
# ifconfig
br1       Link encap:Ethernet  HWaddr 00:0F:BB:19:07:21  
          inet6 addr: fe80::9076:d5ff:fef1:b00b/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:468 (468.0 b)

eth0      Link encap:Ethernet  HWaddr 00:0F:BB:19:07:21  
          inet6 addr: fe80::20f:bbff:fe19:721/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:207 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6183 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17730 (17.3 Kb)  TX bytes:507398 (495.5 Kb)
          Memory:fe5e0000-fe5e0fff

eth0.1030 Link encap:Ethernet  HWaddr 00:0F:BB:19:07:21  
          inet6 addr: fe80::20f:bbff:fe19:721/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5904 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:276 (276.0 b)  TX bytes:484000 (472.6 Kb)

eth0.1030 Link encap:Ethernet  HWaddr 00:0F:BB:19:07:21                          (logical interface used for SCN)
          inet addr:10.10.189.35  Bcast:10.10.189.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1




# tcpdump -i eth0 -s 0
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
02:01:04.163201 IP 10.10.189.35 > 224.0.0.5: OSPFv2, Hello, length 44
02:01:54.171620 IP 10.10.189.35 > 224.0.0.5: OSPFv2, Hello, length 44
02:02:04.165456 IP 10.10.189.35 > 224.0.0.5: OSPFv2, Hello, length 44
02:02:10.232819 ARP, Request who-has 10.10.189.35 tell 10.10.189.37, length 46
02:02:10.232888 ARP, Reply 10.10.189.35 is-at 00:0f:bb:19:07:21 (oui Unknown), length 28
02:02:10.233128 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 1, length 64
02:02:10.233200 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 1, length 64
02:02:11.231603 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 2, length 64
02:02:11.231670 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 2, length 64
02:02:12.232716 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 3, length 64
02:02:12.232812 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 3, length 64
02:02:13.231865 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 4, length 64
02:02:13.231957 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 4, length 64
02:02:14.169287 IP 10.10.189.35 > 224.0.0.5: OSPFv2, Hello, length 44
02:02:14.231854 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 5, length 64
02:02:14.231922 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 5, length 64
02:02:15.230363 ARP, Request who-has 10.10.189.37 tell 10.10.189.35, length 28
02:02:15.230611 ARP, Reply 10.10.189.37 is-at 00:0f:bb:19:00:29 (oui Unknown), length 46
02:02:15.233346 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 6, length 64
02:02:15.233413 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 6, length 64
02:02:16.235126 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 7, length 64
02:02:16.235217 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 7, length 64
02:02:17.234115 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 8, length 64
02:02:17.234210 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 8, length 64
02:02:18.233125 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 9, length 64
02:02:18.233201 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 9, length 64
02:02:19.232113 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 10, length 64
02:02:19.232183 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 10, length 64
02:02:24.163027 IP 10.10.189.35 > 224.0.0.5: OSPFv2, Hello, length 44
02:02:34.176113 IP 10.10.189.35 > 224.0.0.5: OSPFv2, Hello, length 44
02:02:44.179654 IP 10.10.189.35 > 224.0.0.5: OSPFv2, Hello, length 44
02:02:54.183623 IP 10.10.189.35 > 224.0.0.5: OSPFv2, Hello, length 44


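The other board's IP is 10.10.189.37. It is pinging this board, and the ping succeeds. But this board does not receive the multicast packets the other board sends; it can only capture the multicast packets it sends itself.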

Experts, are there any other approaches?
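
The asymmetry reported in this post (the peer's unicast ICMP arrives, but none of its multicast does) can be checked mechanically over saved tcpdump text output. This is an added example, not part of the original post; the function names and the sample lines are constructed for illustration, and it assumes tcpdump's default one-line IPv4 summary format.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the same format as the capture shown in the post.
SAMPLE = """\
02:01:04.163201 IP 10.10.189.35 > 224.0.0.5: OSPFv2, Hello, length 44
02:02:10.232819 ARP, Request who-has 10.10.189.35 tell 10.10.189.37, length 46
02:02:10.233128 IP 10.10.189.37 > 10.10.189.35: ICMP echo request, id 11162, seq 1, length 64
02:02:10.233200 IP 10.10.189.35 > 10.10.189.37: ICMP echo reply, id 11162, seq 1, length 64
02:02:14.169287 IP 10.10.189.35 > 224.0.0.5: OSPFv2, Hello, length 44
"""

# "<time> IP <src>[.port] > <dst>[.port]: ..." (ARP and banner lines do not match)
LINE_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)


def summarize(capture_text):
    """Return {source_ip: {"unicast": n, "multicast": n}} for IPv4 lines."""
    counts = defaultdict(lambda: {"unicast": 0, "multicast": 0})
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ARP, warnings, "listening on ..." banner
        src, dst = m.groups()
        try:
            is_mcast = ipaddress.ip_address(dst).is_multicast  # 224.0.0.0/4
        except ValueError:
            continue  # malformed address in the text; skip the line
        counts[src]["multicast" if is_mcast else "unicast"] += 1
    return dict(counts)


def unicast_only_senders(capture_text):
    """Hosts whose unicast was captured but whose multicast never was."""
    return sorted(
        src for src, c in summarize(capture_text).items()
        if c["unicast"] > 0 and c["multicast"] == 0
    )


if __name__ == "__main__":
    for src, c in sorted(summarize(SAMPLE).items()):
        print(src, c)
    print("unicast-only senders:", unicast_only_senders(SAMPLE))
```

A host listed as unicast-only is reachable at layer 3, yet none of its multicast frames reached the capture point, which is the symptom described for 10.10.189.37.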