Subject: bin/33078: "tcpdump host foo" does not work
List: netbsd-bugs
Date: 03/14/2006 14:00:09
>Number:         33078
>Category:       bin
>Synopsis:       "tcpdump host foo" does not work
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 14 14:00:08 +0000 2006
>Originator:     Martti Kuparinen
>Release:        NetBSD 3.0_STABLE
System: NetBSD xen1 3.0_STABLE NetBSD 3.0_STABLE (DOMAIN0) #0: Tue Mar 14 14:41:20 EET 2006 root@xen1:/usr/src/sys/arch/i386/compile/DOMAIN0 i386
Architecture: i386
Machine: i386

We have two interfaces in our Xen domain-0 server: wm0 is only used by the dom0
and wm1 is used by all domUs. wm1 does not have any address assigned to it;
it's only marked up like this:

ROOT xen1:~> ifconfig wm1
        address: 00:04:23:xx:xx:xx
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::204:23ff:xxxx:xxxx%wm1 prefixlen 64 scopeid 0x2

I don't know if it makes any difference, but we have multiple vlanXXXX
and bridgeXXXX interfaces (one for every VLAN id), and the vlanXXXX interfaces
are configured like this:

ROOT xen1:~> cat /etc/ifconfig.vlan1128
vlan 1128 vlanif wm1
!ifconfig bridge1128 create
!brconfig bridge1128 add vlan1128 up
ROOT xen1:~> 

Each xvifX.Y interface is connected to a bridgeXXXX interface
to give the virtual host connectivity to the right VLAN. This works just fine
and we are able to create very complex networks just using one physical

I was running "tcpdump -eni wm1" and saw all traffic to/from our domU hosts
(including the 802.1Q headers) so I wanted to see only one host and executed
the following command but absolutely nothing appears on the screen:

ROOT xen1:~> tcpdump -eni wm1 host
tcpdump: WARNING: wm1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wm1, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
33 packets received by filter
0 packets dropped by kernel
ROOT xen1:~> 

So even though the traffic from is visible during the first
tcpdump invocation, it won't appear when using the "host foo" argument
with tcpdump.
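
The following is an added example, not part of the original report or of tcpdump's code. It emulates the IPv4 part of a "host" filter on Ethernet, which tests the EtherType at byte offset 12, and shows why such a test cannot match frames that carry an 802.1Q tag, as the frames seen on wm1 do. Assumptions: the frames, MAC addresses and 192.0.2.x addresses are constructed samples (VLAN id 1128 is taken from the report), the function names are hypothetical, and the vlan=True path models the pcap filter "vlan" primitive, which moves the later offsets 4 bytes forward.

```python
import socket
import struct

ETH_IPV4 = 0x0800   # EtherType for IPv4
ETH_8021Q = 0x8100  # TPID that marks an 802.1Q-tagged frame

def build_frame(src_ip, dst_ip, vlan_id=None):
    """Constructed sample frame: Ethernet header, optional 802.1Q tag, bare IPv4 header."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")  # dst, src
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_8021Q, vlan_id & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return macs + tag + struct.pack("!H", ETH_IPV4) + ip

def host_matches(frame, host, vlan=False):
    """Emulate 'host X' (vlan=False) or 'vlan and host X' (vlan=True) for IPv4."""
    shift = 0
    if vlan:
        # 'vlan' first requires the 802.1Q TPID at offset 12, then shifts offsets by 4.
        if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != ETH_8021Q:
            return False
        shift = 4
    if len(frame) < 34 + shift:
        return False
    # Plain 'host' expects the IPv4 EtherType directly at offset 12.
    if struct.unpack_from("!H", frame, 12 + shift)[0] != ETH_IPV4:
        return False
    addr = socket.inet_aton(host)
    src = frame[26 + shift:30 + shift]  # IPv4 source address
    dst = frame[30 + shift:34 + shift]  # IPv4 destination address
    return addr in (src, dst)

def demo():
    """Return match results for a tagged and an untagged constructed frame."""
    tagged = build_frame("192.0.2.10", "192.0.2.20", vlan_id=1128)
    untagged = build_frame("192.0.2.10", "192.0.2.20")
    return {
        "untagged, host": host_matches(untagged, "192.0.2.10"),
        "tagged, host": host_matches(tagged, "192.0.2.10"),
        "tagged, vlan and host": host_matches(tagged, "192.0.2.10", vlan=True),
    }

if __name__ == "__main__":
    for case, matched in demo().items():
        print(f"{case}: {'match' if matched else 'no match'}")
```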