Re: [SLUG] hosts.allow vs. syslogd vs. router

From: Andrew M. Hoerter (amh@POBOX.COM)
Date: Wed Oct 08 2003 - 23:07:56 EDT


On Wednesday, Oct 8, 2003, at 21:48 US/Eastern, Eben King wrote:

> I ran 'tcpdump -i eth0 -l | grep -i "arp "', and got a lot of ARP
> requests a few seconds after I restarted the router. It's ARPing many
> machines in *.tampabay.rr.com, as well as in other ISPs, and my
> machine, and others on my subnet. Mine succeeded, so I'm partial to
> the "no syslog packets" hypothesis.

Er... that's odd. I'm not sure why it would be ARPing for "external"
addresses on your "internal" subnet, but anyway...

>> Actually, it depends on the platform running tcpdump. Sometimes it's
>> the total number of packets received by tcpdump on that interface,
>> sometimes it's only those packets that matched the filter expression.

> Then it would report "0 packets received" for syslog, yes?

If you're pretty sure there was other traffic on the subnet, and it
reports 0 packets received when using a filter expression, then yeah;
it is probably reporting the number of packets that match the filter.

Well, good luck, let us know if you solve it.




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:56:01 EDT