Tcpdump drops all packets when filtering by VLAN tag. Works fine when reading packets from a file, but not when reading from a NIC.
For example, this captures nothing:
tcpdump -i eth15 -nnte vlan
But this works as expected:
tcpdump -i eth15 -nnte -w - | tcpdump -r - vlan
# uname -a
Linux blocto.safety.net.wm.edu 2.6.32-358.23.2.el6.x86_64 #1 SMP Sat Sep 14 05:32:37 EDT 2013 x86_64 x86_64 x86_64 GNU/Linux
# rpm -q tcpdump
# ethtool -i eth15
This is not a bug in tcpdump itself but rather in libpcap. Reassigning there. Note that before doing something about this on libpcap side, some changes in kernel has to be introduced.
Just an quick update on the current status. Kernel part is done, now we can move to fixing libpcap.
Opened a pull request on github trying to address this.
Feel free to join the discussion on github and also testing would be much appreciated. Thanks.
http://pkgs.devel.redhat.com/cgit/rpms/libpcap/commit/?h=rhel-6.7&id=4314f1a9ddc977ff275e548cd8b2bf8df5d659f5 -> MODIFIED
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.