Re: tcpdump wiggin out?

  • Subject: Re: tcpdump wiggin out?
  • From: Brian Hill <email@hidden>
  • Date: Fri, 17 Aug 2001 14:50:22 -0500

On Friday, August 17, 2001, at 02:28 PM, Chilton Webb wrote:

> First, thanks to everyone who pointed out that TCPDump *is* already in the system, and that I could cease with my vain efforts to port it.
>
> Secondly, I read the man pages for TCPDump and after playing around with them, I have found that I can see all of the traffic passing through the Airport I'm connected to. Great if I am trying to snoop on friends and family. NOT SO GREAT if I'm trying to diagnose traffic to my system. So can anyone explain why I'm getting everyone's traffic? Does this have something to do with Promiscuous Mode?

Yes. You could try using the '-p' flag to *not* put the interface into promiscuous mode (but read the man pages for caveats for that), or use a bpf qualifier based on your ethernet MAC address, or even your IP address (man pages again).

I use it like this a lot on a busy network to just see my own IP traffic:

tcpdump -l -v host 192.168.1.25


> Thirdingly, I have noticed that while TCPDump catches everything on the Airport, it completely misses communiques with localhost. What's going on there?


Here's something from the man page on that:

    -i     Listen on interface. If unspecified, tcpdump
           searches the system interface list for the lowest
           numbered, configured up interface (excluding
           loopback). Ties are broken by choosing the earliest
           match.

So you might be able to see the loopback interface traffic if you use '-i lo0'. I've never tried that, however.

Brian

email@hidden http://personalpages.tds.net/~brian_hill
___________________________________________________________
"Why? I came into this game for adventure - go anywhere, travel
light, get in, get out, wherever there's trouble, a man alone.
Now they've got the whole country sectioned off and you can't
move without a form. I'm the last of a breed."
-- Archibald "Harry" Tuttle, Rogue HVAC Repairman
___________________________________________________________
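
Added example, not part of Brian Hill's message: a shell sketch that derives the "own traffic only" filter from an interface's addresses and combines it with '-p', as the reply suggests. The interface name en1, the MAC address and the ifconfig sample are constructed assumptions; only the IP address comes from the message.

```shell
#!/bin/sh
# Constructed sample of `ifconfig en1` output. The MAC is made up; the IP is
# the one used in the message above.
sample_ifconfig() {
cat <<'EOF'
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:30:65:aa:bb:cc
    inet 192.168.1.25 netmask 0xffffff00 broadcast 192.168.1.255
EOF
}

# own_filter KIND: read ifconfig output on stdin and print a tcpdump filter
# expression limited to this machine. KIND is "ip" or "mac".
own_filter() {
    kind=$1
    awk -v kind="$kind" '
        $1 == "ether" && mac == "" { mac = $2 }
        $1 == "inet"  && ip  == "" { ip  = $2 }
        END {
            if (kind == "mac" && mac != "") { print "ether host " mac; exit 0 }
            if (kind == "ip"  && ip  != "") { print "host " ip; exit 0 }
            # No address found: fail instead of printing an empty filter,
            # which would capture everything the interface sees.
            exit 1
        }'
}

# capture_cmd IFACE KIND: print (do not run) the tcpdump command line.
# -p asks tcpdump not to put the interface into promiscuous mode;
# -l and -v are the flags from the message.
capture_cmd() {
    iface=$1
    kind=$2
    filter=$(own_filter "$kind") || return 1
    printf 'tcpdump -p -l -v -i %s %s\n' "$iface" "$filter"
}

# Demonstration on the constructed sample. On a live system, replace
# sample_ifconfig with `ifconfig en1` and run the printed command as root.
sample_ifconfig | capture_cmd en1 ip
sample_ifconfig | capture_cmd en1 mac
```

The filter is what limits the capture to one host; '-p' only keeps the interface out of promiscuous mode, so the two are shown together.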

