Hi ppl,
In my network I have am HP DL360G3, that have a dual bcm5700 NIC. It is connected to a Cisco swicth, and one of the NICs are connected to a port that is the target to a mirror from our switch port where we get the outside link (the link to our ISP router).
This particular port is just up, without any ip (even if I already tried to configure it with IP, with the same result), and I did set it promiscous, and without promiscous mode, always with identical results:
running
Code:
tcpdump -nn -i eth0
I keep getting packets, for as long as I keep it running. with any "ip" or "port xx" tcpdump prints some packets (3 to 37) when starts, when then stay quiet as long as I keep it running.
some info:
Code:
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0E:7F:FE:89:FA
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:372829179 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1807040210 (1.6 GiB) TX bytes:0 (0.0 b)
Interrupt:11 Memory:f7ef0000-f7f00000
#cat /proc/sys/net/ipv4/ip_forward
1
#grep . /proc/sys/net/ipv4/conf/eth0/*
/proc/sys/net/ipv4/conf/eth0/accept_redirects:1
/proc/sys/net/ipv4/conf/eth0/accept_source_route:1
/proc/sys/net/ipv4/conf/eth0/arp_filter:0
/proc/sys/net/ipv4/conf/eth0/bootp_relay:0
/proc/sys/net/ipv4/conf/eth0/forwarding:1
/proc/sys/net/ipv4/conf/eth0/log_martians:0
/proc/sys/net/ipv4/conf/eth0/mc_forwarding:0
/proc/sys/net/ipv4/conf/eth0/proxy_arp:0
/proc/sys/net/ipv4/conf/eth0/rp_filter:0
/proc/sys/net/ipv4/conf/eth0/secure_redirects:1
/proc/sys/net/ipv4/conf/eth0/send_redirects:1
/proc/sys/net/ipv4/conf/eth0/shared_media:1
/proc/sys/net/ipv4/conf/eth0/tag:0
Any other info you need, just ask. I need this to sniff http logs from all my sites.
Thanks.
Sniffing: tcpdump gets some initial packets
