17800 – tcpdump displays corrupted mac addresses

Bug 17800 - tcpdump displays corrupted mac addresses

Summary: tcpdump displays corrupted mac addresses

Keywords:
Status:	CLOSED DUPLICATE of bug 9134
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	tcpdump
Sub Component:
Version:	6.2
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Harald Hoyer
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-09-22 23:00 UTC by Need Real Name
Modified:	2008-05-01 15:37 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2000-09-22 23:00:31 UTC
Embargoed:

Attachments	(Terms of Use)

Description Need Real Name 2000-09-22 23:00:30 UTC

Two 6.2 Redhat machines on an ethernet segment. 
One is pinging a the other.
On the first machine, tcpdump shows corrupted mac addresses:

0:0:0:0:0:1 / 0:0:0:0:0:0 instead of the real destination mac address.

02:49:53.741322 < 0:70:72:f0:de:20 0:0:0:0:0:1 ip 74: 113.65.144.5 > 
113.65.144.3: icmp: echo request
02:49:53.741422 > 0:0:0:0:0:0 0:70:72:f0:de:20 ip 74: 113.65.144.3 > 
113.65.144.5: icmp: echo reply

When using another (recompiled) version of tcpdump, it shows the correct 
mac addresses:

00:50:24.788056 0:70:72:f0:de:20 0:21:f2:11:93:9d 0800 74: 113.65.144.5 > 
113.65.144.3: icmp: echo request
00:50:24.788226 0:21:f2:11:93:9d 0:70:72:f0:de:20 0800 74: 113.65.144.3 > 
113.65.144.5: icmp: echo reply

Comment 1 Pekka Savola 2000-09-30 20:23:22 UTC

Your recompiled version didn't have Alexey Kuznetsov's patches in.

Newer versions of tcpdump use packet socket interface by default.  
It isn't possible to get all link level headers properly.

Using tcpdump -R works.


*** This bug has been marked as a duplicate of 9134 ***

Note You need to log in before you can comment on or make changes to this bug.