e1000 driver on Centos only sees TCP traffic in one direction from HP SPAN
Apologies for the lack of detail here but off site at the moment.
We've setup a SPAN port on a HP switch (HP5406zl) to monitor traffic in both directions to and from a server.
Plugged in a Windows laptop, captured a pcap file, analysed it using wireshark and see traffic in BOTH directions.
Plug in a PC running Centos to the same SPAN port with the same config, e1000 driver, do a tcpdump, ONLY see TCP traffic SENT to the server, not traffic originating from the server.
I CAN see ARP and UDP traffic originating from the server.
Not sure where to go from here, seems really unusual to me? I suspect a driver issue or bug ? Really appreciate any ideas.
The e1000 driver doesn't know UDP, ARP and TCP and only know Ethernet frame. The TCP/IP stack handle UDP, ARP and TCP traffic.
You can monitor traffic on server. The server configuration may be wrong, such as iptable.
Looks like the problem was caused by some sort of 'auto negotiation' issue between the driver and the HP switch, basically the connection was set to half duplex rather than full for some reason, setting it manually resolved the problem.
|All times are GMT -5. The time now is 03:39 AM.|