tcpdump expressions don't work properly. [SOLVED]
I'm having a very weird problem here. I'm trying to use tcpdump expressions and I'm getting weird results, for example:
# tcpdump port 80 <-- when I do this and try to open a website, I get no results at all. However, if I just try "tcpdump", I can see there's traffic on the http (80) port. WEIRD!
Then, if I try "tcpdump -i eth0 not port 80", it still shows traffic from port 80, where I know it shouldn't show the traffic from port 80 but from all the rest.
So it happens with any port I may try.
I know I'm not doing anything wrong, since 1 month ago I did the same thing at a client and it didn't happen. Maybe it's a bug or something, I don't know yet.
My kernel version is 2.6.27 and I'm using Gentoo Linux.
tcpdump version 3.9.8
libpcap version 0.9.8
Does anyone have any clue about what's happening here?
Thanks in advance!
Last edited by sparc86; 11-15-2008 at 07:47 PM.