tcpdump

gbwien · 04-15-2009, 09:38 AM

Hi,

I am trying to use tcpdump to capture trace from both directions

local host ----> destination host (request)
destination host ---> local host (response)

I am using redhat bonding and have identified my active interface as eth2. I am using the following command. I am using Redhat AS 4

tcpdump -s -vni eth2 -w /tmp/<outputfile>

I am then using wireshark to look at the trace. However I never see responses from destination host to localhost and I'm not sure if my tcpdump command is correct.

Thanks in Advance
Graham.

gmendoza · 04-15-2009, 05:50 PM

Quote:

Originally Posted by gbwien

Hi,

I am using redhat bonding and have identified my active interface as eth2. I am using the following command. I am using Redhat AS 4

I am then using wireshark to look at the trace. However I never see responses from destination host to localhost and I'm not sure if my tcpdump command is correct.

Thanks in Advance
Graham.

Your syntax is fine. You should see traffic in both directions, but depending on your selected bonding type, you may not see all the traffic on the interface you're specifying.

You could use the "-i any" option of tcpdump to capture on all interfaces.

tcpdump -s 0 -vni any -w /tmp/<outputfile>

Also, you could try running two captures, each on different physical interfaces. This might help you see how your bonding is behaving.

tcpdump -s 0 -vni eth0 -w /tmp/<outputfile1>
tcpdump -s 0 -vni eth1 -w /tmp/<outputfile2>