Re: tcpdump

From: Steve Edmunds (steve_ed@sgi.com)
Date: Tue Jan 25 2000 - 19:53:51 EST


Chuck Hemker wrote:
>
> On 25-Jan-00 Rakers, Jason wrote:
> > Does tcpdump see all traffic on the wire? or just traffic destined for the
> > specified interface?
>
> tcpdump defaults to putting the interface in promiscuous mode while it is
> running. This means that the interface will receive all packets on the wire.
> The "-p" option disables that. "man tcpdump" for more information.
>
> Also remember that switches and bridges can limit what goes down a particular
> wire. (They try not to send things down a wire if they don't have to).
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to majordomo@vger.rutgers.edu

Also remember that snooping the interface from a particular system, is only going
to see what it's interface processed/captured, ie: not 100% reliable that you're
going to see every bit of traffic even in promisc. mode.
Best to double check by snooping from more than one if you think you might have
missed something, ie: run the test again snooping from another station on same
physical net(or vnet if you trust the switch and VLAN settings) :)

Steve

 

-- 
------------------------------------------------------
Steve Edmunds Work:steve_ed@sgi.com Phone:650.933.8560
------------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu



This archive was generated by hypermail 2b29 : Mon Jan 31 2000 - 21:00:33 EST