Strange problem after upgrade from Fedora 13 to Fedora 14

Mike Iglesias iglesias at uci.edu
Wed Jun 15 11:34:16 EDT 2011


I have a system that is getting a monitor feed from our Cisco border router of
all the traffic passing thru the border.  This system is running Argus v2
(yes, I know I need to upgrade, I'm waiting for some new equipment to come
online).  It was working fine running Fedora 13.

I upgraded the system to Fedora 14, and now all the traffic appears to be
reported as IPv6.  tcpdump gives this when I run it:

# /usr/sbin/tcpdump -i eth1 -lvnexX | more
08:25:48.581269 00:0f:23:bf:45:00 > 00:00:0c:07:ac:00, 802.3, length 1434:
LLC, dsap Unknown (0x66) Group, ssap Unknown (0xb8) Command, ctrl 0x0000:
Information, send seq 0, rcv seq 0, Flags [Command], length 1420
	0x0000:  67b8 0000 3606 2940 8100 0065 cf7b 31fd  g...6.)@...e.{1.
	0x0010:  80c8 6c33 0050 c083 da19 726f 3b24 774a  ..l3.P....ro;$wJ
	0x0020:  5010 0047 f86b 0000 bd6d a3b2 f5bd cd17  P..G.k...m......
	0x0030:  bcd0 099e bea5 5abb 2ff8 4f36 9ba4 c11d  ......Z./.O6....
	0x0040:  aa93 07f6 a9aa d576 7721 3033 2c29 e889  .......vw!03,)..
	0x0050:  7a18 7448 13f5 e29b eb75 219d f8d3 bb8f  z.tH.....u!.....
	0x0060:  2cc3 6cb1 81ea e2ba 9753 465f fd32 885d  ,.l......SF_.2.]
	0x0070:  ec5c e093 d59d 98af 4d8b a8fe d0d1 4dea  .\......M.....M.
[snip]

I can see one of our IPs there (starting with byte 0x10, 80c86c33).

Is there some filter I need to set on tcpdump (and argus) to get useful data
back?  The argus data is useless as is.


-- 
Mike Iglesias                          Email:       iglesias at uci.edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270


