Hello,

I'm executing tcpdump to 'snoop' network traffic on my server for a few seconds with the command

timeout 5tcpdump -i bond0 -l -w /tmp/simon.tcpdump ip

I then read the file with the command and the result will feed a python script to do some statistics

tcpdump -N -v -r /tmp/simon.tcpdump > /tmp/simon.txt

The python script will analyze the context based on a regexp

I noticed some 'IP' lines don't contain source or destination information, for example

08:48:49.160615 ARP, Ethernet (len 6), IPv4 (len 4), Reverse Request who-is 00:50:56:ae:66:68 (oui Unknown) tell 00:50:56:ae:66:68 (oui Unknown), length 46
08:48:49.160616 IP (tos 0x0, ttl 64, id 43569, offset 0, flags [DF], proto TCP (6), length 2948)
08:48:49.160615 ARP, Ethernet (len 6), IPv4 (len 4), Reverse Request who-is 00:50:56:ae:66:68 (oui Unknown) tell 00:50:56:ae:66:68 (oui Unknown), length 46 dell965srv.39783 > dell964srv.44916: Flags [.], cksum 0x7672 (incorrect -> 0xbc47), seq 11618:14514, ack 896, win 501, options [nop,nop,TS val 15829430 ecr 1898668321], length 2896

I'm surprised to see a 'IP' package without this information. Could anyone why or redirect me to any place having any explanations?

Thanks

Simon

Is that, perhaps, the MAC address of the server on which you're running your commands? Just a thought.