Subject: Re: bin/33078: "tcpdump host foo" does not work
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-bugs
Date: 03/14/2006 18:40:02
The following reply was made to PR bin/33078; it has been noted by GNATS.

From: Manuel Bouyer <bouyer@antioche.eu.org>
To: gnats-bugs@NetBSD.org
Cc: gnats-admin@NetBSD.org, netbsd-bugs@NetBSD.org
Subject: Re: bin/33078: "tcpdump host foo" does not work
Date: Tue, 14 Mar 2006 19:37:46 +0100

 On Tue, Mar 14, 2006 at 02:00:09PM +0000, martti.kuparinen@iki.fi wrote:
 > 
 > I was running "tcpdump -eni wm1" and saw all traffic to/from our domU hosts
 > (including the 802.1Q headers) so I wanted to see only one host and executed
 > the following command but absolutely nothing appears on the screen:
 > 
 > 
 > ROOT xen1:~> tcpdump -eni wm1 host aaa.aaa.aaa.aaa
 > tcpdump: WARNING: wm1: no IPv4 address assigned
 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 > listening on wm1, link-type EN10MB (Ethernet), capture size 96 bytes
 > ^C
 > 0 packets captured
 > 33 packets received by filter
 > 0 packets dropped by kernel
 > ROOT xen1:~> 
 > 
 > 
 > So even though the traffic from aaa.aaa.aaa.aaa is visible during the first
 > tcpdump invocation it won't appear when using the "host foo" argument
 > with tcpdump.
 
 You don't see it because tcpdump filters on IP in untagged packets.
 You may want to try:
 tcpdump -eni wm1 vlan and host aaa.aaa.aaa.aaa
 
 -- 
 Manuel Bouyer <bouyer@antioche.eu.org>
      NetBSD: 26 years of experience will always make the difference
 --
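
Added example, not part of the original message: a simplified Python model of why a bare "host" filter misses 802.1Q-tagged frames while "vlan and host" matches them. The frames, the 192.0.2.x addresses and the function names are constructed for illustration; this is not libpcap's generated BPF code, and the ARP/RARP branches of "host" are left out.

```python
import socket
import struct

ETH_IP, ETH_VLAN = 0x0800, 0x8100  # EtherType for IPv4 and the 802.1Q TPID

def build_frame(src_ip, dst_ip, vlan_id=None):
    """Build a minimal Ethernet + IPv4 header frame (constructed sample data)."""
    macs = bytes(12)  # destination MAC + source MAC, zeroed placeholders
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_VLAN, vlan_id & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return macs + tag + struct.pack("!H", ETH_IP) + ip

def u16(frame, off):
    return struct.unpack_from("!H", frame, off)[0]

def match_host(frame, ip, shift=0):
    """Model of 'host ip': EtherType at 12+shift must be IPv4, then compare
    the source (offset 26+shift) and destination (offset 30+shift) addresses."""
    if len(frame) < 34 + shift or u16(frame, 12 + shift) != ETH_IP:
        return False
    addr = socket.inet_aton(ip)
    return addr in (frame[26 + shift:30 + shift], frame[30 + shift:34 + shift])

def match_vlan_and_host(frame, ip):
    """Model of 'vlan and host ip': require the 802.1Q TPID at offset 12, then
    evaluate the rest of the expression with every offset moved by 4 bytes."""
    return len(frame) >= 14 and u16(frame, 12) == ETH_VLAN and match_host(frame, ip, shift=4)

if __name__ == "__main__":
    untagged = build_frame("192.0.2.10", "192.0.2.20")
    tagged = build_frame("192.0.2.10", "192.0.2.20", vlan_id=100)
    for name, frame in (("untagged", untagged), ("tagged", tagged)):
        print(name,
              "host:", match_host(frame, "192.0.2.10"),
              "vlan and host:", match_vlan_and_host(frame, "192.0.2.10"))
```

On a trunk interface carrying both tagged and untagged traffic, each expression sees only its own kind of frame, so a capture meant to cover a host on both needs the two combined.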