netbsd-bugs: Re: bin/33078: "tcpdump host foo" does not work

Subject: Re: bin/33078: "tcpdump host foo" does not work
To: None <gnats-bugs@NetBSD.org>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-bugs
Date: 03/14/2006 19:37:46

On Tue, Mar 14, 2006 at 02:00:09PM +0000, martti.kuparinen@iki.fi wrote:
> 
> I was running "tcpdump -eni wm1" and saw all traffic to/from our domU hosts
> (including the 802.1Q headers) so I wanted to see only one host and executed
> the following command but absolutely nothing appears on the screen:
> 
> 
> ROOT xen1:~> tcpdump -eni wm1 host aaa.aaa.aaa.aaa
> tcpdump: WARNING: wm1: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wm1, link-type EN10MB (Ethernet), capture size 96 bytes
> ^C
> 0 packets captured
> 33 packets received by filter
> 0 packets dropped by kernel
> ROOT xen1:~> 
> 
> 
> So even though the traffic from aaa.aaa.aaa.aaa is visible during the first
> tcpdump invocation it won't appear when using the "host foo" argument
> with tcpdump.

You don't see it because tcpdump filters on IP in untagged packets.
You may want to try:
tcpdump -eni wm1 vlan and host aaa.aaa.aaa.aaa

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 ans d'experience feront toujours la difference
--