Bug 17800

Summary: tcpdump displays corrupted mac addresses
Product: [Retired] Red Hat Linux Reporter: Need Real Name <blocher>
Component: tcpdumpAssignee: Harald Hoyer <harald>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2CC: pekkas
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-09-22 23:00:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Need Real Name 2000-09-22 23:00:30 UTC 
Two 6.2 Redhat machines on an ethernet segment. 
One is pinging a the other.
On the first machine, tcpdump shows corrupted mac addresses:

0:0:0:0:0:1 / 0:0:0:0:0:0 instead of the real destination mac address.

02:49:53.741322 < 0:70:72:f0:de:20 0:0:0:0:0:1 ip 74: 113.65.144.5 > 
113.65.144.3: icmp: echo request
02:49:53.741422 > 0:0:0:0:0:0 0:70:72:f0:de:20 ip 74: 113.65.144.3 > 
113.65.144.5: icmp: echo reply

When using another (recompiled) version of tcpdump, it shows the correct 
mac addresses:

00:50:24.788056 0:70:72:f0:de:20 0:21:f2:11:93:9d 0800 74: 113.65.144.5 > 
113.65.144.3: icmp: echo request
00:50:24.788226 0:21:f2:11:93:9d 0:70:72:f0:de:20 0800 74: 113.65.144.3 > 
113.65.144.5: icmp: echo reply
Comment 1 Pekka Savola 2000-09-30 20:23:22 UTC 
Your recompiled version didn't have Alexey Kuznetsov's patches in.

Newer versions of tcpdump use packet socket interface by default.  
It isn't possible to get all link level headers properly.

Using tcpdump -R works.


*** This bug has been marked as a duplicate of 9134 ***