LinuxQuestions.org
01-17-2014, 07:07 AM   #1
ptosch
Weird tcpdump output (No IPs)


Hello,

Recently I tried to capture packets on my Android phone with tcpdump, just to see where it is calling home. Unfortunately it surprised me with an output I cannot handle.

Example:

I want to capture a ping command:

ping -c 1 linuxquestions.org

This is what the tcpdump output looks like (only the first three packets):

bash-4.2# ./tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ccmni0, link-type EN10MB (Ethernet), capture size 68 bytes
11:57:55.382713 40:00:40:11:96:ba (oui Unknown) > 45:00:00:40:2e:a7 (oui Unknown), ethertype Unknown (0x0aa0), length 64:
0x0000: b41f c1bd f4ce e0c5 0035 002c da40 dc81 .........5.,.@..
0x0010: 0100 0001 0000 0000 0000 0e6c 696e 7578 ...........linux
0x0020: 7175 qu
11:57:56.071358 40:00:37:11:ce:51 (oui Unknown) > 45:00:00:50:00:00 (oui Unknown), ethertype Unknown (0xc1bd), length 80:
0x0000: f4ce 0aa0 b41f 0035 e0c5 003c a5b9 dc81 .......5...<....
0x0010: 8180 0001 0001 0000 0000 0e6c 696e 7578 ...........linux
0x0020: 7175 qu
11:57:56.079120 40:00:40:01:8d:9e (oui Unknown) > 45:00:00:54:00:00 (oui Unknown), ethertype Unknown (0x0aa0), length 84:
0x0000: b41f 4b7e a2cd 0800 9a49 4810 0001 c41a ..K~.....IH.....
0x0010: d952 8c34 0100 0809 0a0b 0c0d 0e0f 1011 .R.4............
0x0020: 1213 ..


What is this? I expected to see IP addresses instead of ... MAC addresses?

ccmni0 is my network interface (3G).

netcfg output:

bash-4.2# netcfg
lo UP 127.0.0.1 255.0.0.0 0x00000049
dummy0 DOWN 0.0.0.0 0.0.0.0 0x00000082
tunl0 DOWN 0.0.0.0 0.0.0.0 0x00000080
gre0 DOWN 0.0.0.0 0.0.0.0 0x00000080
sit0 DOWN 0.0.0.0 0.0.0.0 0x00000080
ip6tnl0 DOWN 0.0.0.0 0.0.0.0 0x00000080
usb0 UP 192.168.42.129 255.255.255.0 0x00001043
ccmni0 UP 10.152.0.114 255.0.0.0 0x000000c1
ccmni1 DOWN 0.0.0.0 0.0.0.0 0x00000080
ccmni2 DOWN 0.0.0.0 0.0.0.0 0x00000080

uname -a :
Linux localhost 2.6.35.7 #1 PREEMPT Thu Jun 7 14:54:05 CST 2012 armv6l GNU/Linux

./tcpdump --help
tcpdump version 4.0.0
libpcap version 1.0.0

Regards,
Peter
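
Added example, not part of the original post or of any reply: the "MAC addresses" in the output above begin with 45:00, which is how an IPv4 header without options starts, so the capture looks like raw IP packets being decoded as Ethernet frames. The Python sketch below puts the printed fields of the first packet back in wire order and decodes them as IPv4; the function names are made up for this example, and the raw-IP reading is an inference from the bytes that the header checksum confirms.

```python
import ipaddress
import re
import struct

# Sample input: the first packet, copied as tcpdump printed it in the post.
SAMPLE = """\
11:57:55.382713 40:00:40:11:96:ba (oui Unknown) > 45:00:00:40:2e:a7 (oui Unknown), ethertype Unknown (0x0aa0), length 64:
0x0000: b41f c1bd f4ce e0c5 0035 002c da40 dc81 .........5.,.@..
0x0010: 0100 0001 0000 0000 0000 0e6c 696e 7578 ...........linux
0x0020: 7175 qu
"""

HEADER = re.compile(r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}).*?> "
                    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}).*?\(0x([0-9a-f]{4})\)")

def rebuild_raw_packet(text):
    """Undo the bogus Ethernet decode: dst 'MAC' + src 'MAC' + 'ethertype' + dump."""
    first, *dump = text.strip().splitlines()
    src, dst, ethertype = HEADER.search(first).groups()
    # On the wire the destination field comes first, although tcpdump prints "src > dst".
    raw = bytes.fromhex(dst.replace(":", "") + src.replace(":", "") + ethertype)
    for line in dump:
        # Up to eight hex groups follow the offset; anything after is the ASCII column.
        groups = [t for t in line.split()[1:9] if re.fullmatch(r"[0-9a-f]{2,4}", t)]
        raw += bytes.fromhex("".join(groups))
    return raw

def checksum_ok(header):
    """RFC 791: the one's-complement sum over a valid IPv4 header is 0xffff."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_ipv4(raw):
    ver_ihl, _, length, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"version": ver_ihl >> 4, "total_length": length, "ttl": ttl, "protocol": proto,
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "checksum_ok": checksum_ok(raw[:ihl])}
    if proto in (6, 17):  # TCP and UDP both start with source and destination port
        info["sport"], info["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return info

if __name__ == "__main__":
    print(decode_ipv4(rebuild_raw_packet(SAMPLE)))
```

The other two packets in the post decode the same way: a UDP reply from port 53 and an ICMP echo request (protocol 1).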
 
01-17-2014, 02:33 PM   #2
anomie
What's the 'usb0' interface? Like 'ccmni0', it appears to have an RFC1918 IP address assigned to it. Try listening on that interface.

Code:
# tcpdump -i usb0 icmp
.. and run your test again.
 
  

