Bug 17800 - tcpdump displays corrupted mac addresses
Summary: tcpdump displays corrupted mac addresses
Keywords:
Status: CLOSED DUPLICATE of bug 9134
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: tcpdump
Version: 6.2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2000-09-22 23:00 UTC by Need Real Name
Modified: 2008-05-01 15:37 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2000-09-22 23:00:31 UTC
Embargoed:



Description Need Real Name 2000-09-22 23:00:30 UTC
Two 6.2 Redhat machines on an ethernet segment. 
One is pinging the other.
On the first machine, tcpdump shows corrupted mac addresses:

0:0:0:0:0:1 / 0:0:0:0:0:0 instead of the real destination mac address.

02:49:53.741322 < 0:70:72:f0:de:20 0:0:0:0:0:1 ip 74: 113.65.144.5 > 
113.65.144.3: icmp: echo request
02:49:53.741422 > 0:0:0:0:0:0 0:70:72:f0:de:20 ip 74: 113.65.144.3 > 
113.65.144.5: icmp: echo reply

When using another (recompiled) version of tcpdump, it shows the correct 
mac addresses:

00:50:24.788056 0:70:72:f0:de:20 0:21:f2:11:93:9d 0800 74: 113.65.144.5 > 
113.65.144.3: icmp: echo request
00:50:24.788226 0:21:f2:11:93:9d 0:70:72:f0:de:20 0800 74: 113.65.144.3 > 
113.65.144.5: icmp: echo reply

Comment 1 Pekka Savola 2000-09-30 20:23:22 UTC
Your recompiled version didn't have Alexey Kuznetsov's patches in.

Newer versions of tcpdump use the packet socket interface by default.  
It isn't possible to get all link level headers properly.

Using tcpdump -R works.


*** This bug has been marked as a duplicate of 9134 ***

