Radium correlation - BPF not working
John Gerth
gerth at graphics.stanford.edu
Mon Jun 20 19:19:23 EDT 2011
On 6/20/2011 4:06 PM, Chris Wakelin wrote:
....
>
> One odd thing is that tcpdump doesn't work as expected either; on this machine a BPF filter matches nothing, whereas on similar machines I have cases
> where it matches only one side of the traffic and others where it works as expected. I get the same ARGUS errors with two interfaces on one of the
> machines where BPF is working though.
>
BPF filtering whether tcpdump or argus will fail and match nothing if the mirror packets are
coming tagged with vlan headers. The quick check is to prefix the failing filter, e.g.
tcpdump -i .... vlan and .....
--
John Gerth gerth at graphics.stanford.edu Gates 378 (650) 725-3273 fax 723-0033
More information about the argus
mailing list