LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-31-2010, 06:30 AM   #1
cola
Senior Member
 
Registered: Sep 2007
Posts: 1,035

Rep: Reputation: 65
tcpdump question


Is this correct?
Code:
tcpdump -i eth0 host www.google.com
Output:
Code:
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
 
Old 05-31-2010, 07:52 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984
correct to achieve what?? It's a legal command, as there's clearly no error, but you should not use hostnames, as that could resolve of dozens of different IP's that google use, and it will only resolve it once.
 
Old 05-31-2010, 08:32 AM   #3
cola
Senior Member
 
Registered: Sep 2007
Posts: 1,035

Original Poster
Rep: Reputation: 65
Quote:
Originally Posted by acid_kewpie View Post
correct to achieve what?? It's a legal command, as there's clearly no error, but you should not use hostnames, as that could resolve of dozens of different IP's that google use, and it will only resolve it once.
To capture packets continuously.
But it just waits there,nothing happens.
 
Old 05-31-2010, 08:39 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984
you're not hitting that IP address then. or hitting it on a different interface than eth0.
 
Old 05-31-2010, 08:43 AM   #5
cola
Senior Member
 
Registered: Sep 2007
Posts: 1,035

Original Poster
Rep: Reputation: 65
Quote:
Originally Posted by acid_kewpie View Post
you're not hitting that IP address then. or hitting it on a different interface than eth0.
I have also tried this:
Code:
tcpdump -vv -i eth0 host 209.85.229.147
Same result.
 
Old 05-31-2010, 08:52 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984
right, so do a "curl 209.85.229.147" while that's running and see what happens. also good to add a -n to the command to stop DNS lookups slowing things down. extra -v's won't show anything extra if there's nothing already, there's either a packet or there's not.
 
Old 05-31-2010, 08:56 AM   #7
cola
Senior Member
 
Registered: Sep 2007
Posts: 1,035

Original Poster
Rep: Reputation: 65
Quote:
Originally Posted by acid_kewpie View Post
right, so do a "curl 209.85.229.147" while that's running and see what happens. also good to add a -n to the command to stop DNS lookups slowing things down. extra -v's won't show anything extra if there's nothing already, there's either a packet or there's not.
This is the output for curl
Code:
<!doctype html><html><head><meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><title>Google</title><script>window.google={kEI:"lL8DTP6uIdSO4gbtprGgDQ",kEXPI:"24660,24803,24938,25047",kCSI:{e:"24660,24803,24938,25047",ei:"lL8DTP6uIdSO4gbtprGgDQ",expi:"24660,24803,24938,25047"},ml:function(){},kHL:"en",time:function(){return(new Date).getTime()},log:function(b,d,c){var a=new Image,e=google,g=e.lc,f=e.li;a.onerror=(a.onload=(a.onabort=function(){delete g[f]}));g[f]=a;c=c||"/gen_204?atyp=i&ct="+b+"&cad="+d+"&zx="+google.time();a.src=c;e.li=f+1},lc:[],li:0,Toolbelt:{}};                                 
window.google.sn="webhp";window.google.timers={load:{t:{start:(new Date).getTime()}}};try{}catch(u){}window.google.jsrt_kill=1;                                                                                                                           
var _gjwl=location;function _gjuc(){var e=_gjwl.href.indexOf("#");if(e>=0){var a=_gjwl.href.substring(e);if(a.indexOf("&q=")>0||a.indexOf("#q=")>=0){a=a.substring(1);if(a.indexOf("#")==-1){for(var c=0;c<a.length;){var d=c;if(a.charAt(d)=="&")++d;var b=a.indexOf("&",d);if(b==-1)b=a.length;var f=a.substring(d,b);if(f.indexOf("fp=")==0){a=a.substring(0,c)+a.substring(b,a.length);b=c}else if(f=="cad=h")return 0;c=b}_gjwl.href="/search?"+a+"&cad=h";return 1}}}return 0}function _gjp(){!(window._gjwl.hash&&                                                                                                                        
window._gjuc())&&setTimeout(_gjp,500)};                                                                                      
window._gjp && _gjp()</script><style>body{margin:0}#gog{padding:3px 8px 0}td{line-height:.8em;}.gac_m td{line-height:17px;}form{margin-bottom:20px;}body,td,a,p,.h{font-family:arial,sans-serif}.h{color:#36c;font-size:20px}.q{color:#00c}.ts td{padding:0}.ts{border-collapse:collapse}em{font-weight:bold;font-style:normal}.lst{width:496px}.tiah{width:458px}input{font-family:inherit}a.gb1,a.gb2,a.gb3,a.gb4{color:#11c !important}#gbar,#guser{font-size:13px;padding-top:1px !important}#gbar{height:22px}#guser{padding-bottom:7px !important;text-align:right}.gbh,.gbd{border-top:1px solid #c9d7f1;font-size:1px}.gbh{height:0;position:absolute;top:24px;width:100%}@media all{.gb1{height:22px;margin-right:.5em;vertical-align:top}#gbar{float:left}}a.gb1,a.gb4{color:#00c !important}body{background:#fff;color:black}input{-moz-box-sizing:content-box}a{color:#11c;text-decoration:none}a:hover,a:active{text-decoration:underline}.fl a{color:#4272db}a:visited{color:#551a8b}a.gb1,a.gb4{text-decoration:underline}a.gb3:hover{text-decoration:none}#ghead a.gb2:hover{color:#fff!important}.ds{display:-moz-inline-box}.ds{border-bottom:solid 1px #e7e7e7;border-right:solid 1px #e7e7e7;display:inline-block;margin:3px 0 4px;margin-left:4px;margin-right:3px:height:32px}.sblc{padding-top:5px}.sblc a{display:block;margin:2px 0;margin-left:13px;font-size:11px;}.lsbb{background:#eee;border:solid 1px;border-color:#ccc #999 #999 #ccc;height:30px;display:block}.lsb{background:url(/images/srpr/nav_logo13.png) bottom;font:15px arial,sans-serif;border:none;color:#000;cursor:pointer;height:30px;margin:0;outline:0;vertical-align:top}.lsb:active{background:#ccc}.lst:focus{outline:none}.ftl,#fll a{margin:0 12px}#addlang a{padding:0 3px}.gac_v div{display:none}.gac_v .gac_v2,.gac_bt{display:block!important}</style><script>google.y={};google.x=function(e,g){google.y[e.id]=[e,g];return false};</script></head><body bgcolor=#ffffff text=#000000 link=#0000cc vlink=#551a8b alink=#ff0000 onload="document.f.q.focus();if(document.images)new Image().src='/images/srpr/nav_logo13.png'" ><textarea id=csi style=display:none></textarea><div id=ghead><div id=gbar><nobr><b class=gb1>Web</b> <a onclick=gbar.qs(this) href="http://www.google.com/imghp?hl=en&tab=wi" class=gb1>Images</a> <a onclick=gbar.qs(this) href="http://video.google.com/?hl=en&tab=wv" class=gb1>Videos</a> <a onclick=gbar.qs(this) href="http://maps.google.com/maps?hl=en&tab=wl" class=gb1>Maps</a> <a onclick=gbar.qs(this) href="http://news.google.com/nwshp?hl=en&tab=wn" class=gb1>News</a> <a onclick=gbar.qs(this) href="http://www.google.com/prdhp?hl=en&tab=wf" class=gb1>Shopping</a> <a href="http://mail.google.com/mail/?hl=en&tab=wm" class=gb1>Gmail</a> <a href="http://www.google.com/intl/en/options/" class=gb1 style="text-decoration:none"><u>more</u> &raquo;</a></nobr></div><div id=guser width=100%><nobr></nobr></div><div class=gbh style=left:0></div><div class=gbh style=right:0></div></div> <center><br clear=all id=lgpd><div id=lga><table cellpadding=0 cellspacing=0 border=0><tr><td align=right valign=bottom><img src=images/hp0.gif width=158 height=78 alt="Google"></td><td valign=bottom><img src=images/hp1.gif width=50 height=78 alt=""></td><td valign=bottom><img src=images/hp2.gif width=68 height=78 alt=""></td></tr><tr><td class=h align=right valign=top><b></b></td><td valign=top><img src=images/hp3.gif width=50 height=32 alt=""></td><td valign=top class=h><font color=#666666 style=font-size:16px><b>English</b></font></td></tr></table><br></div><form action="http://www.google.com/search" name=f><table cellpadding=0 cellspacing=0><tr valign=top><td width=25%>&nbsp;</td><td align=center nowrap><input name=hl type=hidden value=en><input name=source type=hidden value=hp><input type=hidden name=ie value="ISO-8859-1"><div class=ds style="height:32px;margin:4px 0"><input autocomplete="off" maxlength=2048 name=q class="lst" title="Google Search" value="" size=57 style="background:#fff;border:1px solid #ccc;border-bottom-color:#999;border-right-color:#999;color:#000;font:18px arial,sans-serif bold;height:25px;margin:0;padding:5px 8px 0 6px;vertical-align:top"></div><br style="line-height:0"><span class=ds><span class=lsbb><input name=btnG type=submit value="Google Search" class=lsb></span></span><span class=ds><span class=lsbb><input name=btnI type=submit value="I'm Feeling Lucky" class=lsb></span></span></td><td nowrap width=25% align=left class=sblc><a href="/advanced_search?hl=en">Advanced Search</a><a href="/language_tools?hl=en">Language Tools</a></td></tr></table></form><div style="font-size:83%;min-height:3.5em"><br></div><div id=res></div><span id=footer><center id=fctr><div style="font-size:10pt"><div id=fll style="margin:19px auto 19px auto;text-align:center"><a href="/intl/en/ads/">Advertising&nbsp;Programs</a><a href="/services/">Business Solutions</a><a href="/intl/en/about.html">About Google</a><a href="http://www.google.com/ncr">Go to Google.com</a></div></div><p style="color:#767676;font-size:8pt">&copy; 2010 - <a href="/intl/en/privacy.html">Privacy</a></p></center></span> <div id=xjsd></div><div id=xjsi><script>if(google.y)google.y.first=[];if(google.y)google.y.first=[];google.dstr=[];google.rein=[];window.setTimeout(function(){var a=document.createElement("script");a.src="/extern_js/f/CgJlbiAAKzAKOGhAHSwrMA44DywrMBc4BywrMBg4BSwrMCU4yogBLCswJjgLLCswJzgELCswPDgCLCswQDgQLCswQTgFLCswRTgBLCswWjgALIACEw/aYiv8-W6410.js";(document.getElementById("xjsd")||document.body).appendChild(a);if(google.timers&&google.timers.load.t)google.timers.load.t.xjsls=(new Date).getTime();},0);
;google.neegg=1;google.y.first.push(function(){google.ac.i(document.f,document.f.q,'','','',{o:1,sw:1});google.History&&google.History.initialize('/')});if(google.j&&google.j.en&&google.j.xi){window.setTimeout(google.j.xi,0);google.fade=null;}</script></div><script>(function(){
var b,d,e,f;function g(a,c){if(a.removeEventListener){a.removeEventListener("load",c,false);a.removeEventListener("error",c,false)}else{a.detachEvent("onload",c);a.detachEvent("onerror",c)}}function h(a){f=(new Date).getTime();++d;a=a||window.event;var c=a.target||a.srcElement;g(c,h)}var i=document.getElementsByTagName("img");b=i.length;d=0;for(var j=0,k;j<b;++j){k=i[j];if(k.complete||typeof k.src!="string"||!k.src)++d;else if(k.addEventListener){k.addEventListener("load",h,false);k.addEventListener("error",
h,false)}else{k.attachEvent("onload",h);k.attachEvent("onerror",h)}}e=b-d;function l(){google.timers.load.t.ol=(new Date).getTime();google.timers.load.t.iml=f;google.kCSI.imc=d;google.kCSI.imn=b;google.kCSI.imp=e;google.report&&google.report(google.timers.load,google.kCSI)}if(window.addEventListener)window.addEventListener("load",l,false);else if(window.attachEvent)window.attachEvent("onload",l);google.timers.load.t.prt=(f=(new Date).getTime());
})();
</script>
 
Old 05-31-2010, 08:59 AM   #8
cola
Senior Member
 
Registered: Sep 2007
Posts: 1,035

Original Poster
Rep: Reputation: 65
Code:
tcpdump -vv -nxi eth0 host 209.85.229.147
Code:
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
It just waits..
 
Old 05-31-2010, 09:29 AM   #9
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984
what does your routing table show? If you've only got eth0 for your default route, then it should certainly be visible. And you're running it as root?
 
Old 05-31-2010, 09:47 AM   #10
cola
Senior Member
 
Registered: Sep 2007
Posts: 1,035

Original Poster
Rep: Reputation: 65
Quote:
Originally Posted by acid_kewpie View Post
what does your routing table show? If you've only got eth0 for your default route, then it should certainly be visible. And you're running it as root?
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
X.X.X.X     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
 
Old 05-31-2010, 09:48 AM   #11
cola
Senior Member
 
Registered: Sep 2007
Posts: 1,035

Original Poster
Rep: Reputation: 65
Quote:
Originally Posted by acid_kewpie View Post
what does your routing table show? If you've only got eth0 for your default route, then it should certainly be visible. And you're running it as root?
That was from root.
 
Old 05-31-2010, 04:04 PM   #12
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984
you're joking right?? You're on a ppp connection, and still continually trying to sniff an unconnected ethernet interface??

BTW, well done on the batting performance yesterday, hopefully your bowling will catch up at some point soon.
 
Old 05-31-2010, 05:29 PM   #13
cola
Senior Member
 
Registered: Sep 2007
Posts: 1,035

Original Poster
Rep: Reputation: 65
Quote:
Originally Posted by acid_kewpie View Post
you're joking right?? You're on a ppp connection, and still continually trying to sniff an unconnected ethernet interface??

BTW, well done on the batting performance yesterday, hopefully your bowling will catch up at some point soon.
I have also tried this:
Code:
tcpdump -vv -nxi ppp0 host 209.85.229.147
Output:
Code:
tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
Then it's waiting..
I had to do CTRL+C.

BTW,batting could have been better,middle order batsmen collapsed.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Tcpdump question? chinmays Linux - Software 9 01-08-2006 08:56 PM
tcpdump question gauge73 Linux - Newbie 2 08-09-2005 04:37 PM
Iptables and tcpdump question cli_man Linux - Networking 1 05-11-2004 07:01 PM
tcpdump -n question Melissa22 Linux - Networking 3 03-07-2004 08:05 PM
tcpdump question Xris718 Linux - Networking 1 12-08-2003 11:42 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration