Bug 17800 - tcpdump displays corrupted mac addresses
tcpdump displays corrupted mac addresses
Status: CLOSED DUPLICATE of bug 9134
Product: Red Hat Linux
Classification: Retired
Component: tcpdump (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
Depends On:
  Show dependency treegraph
Reported: 2000-09-22 19:00 EDT by Need Real Name
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-09-22 19:00:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2000-09-22 19:00:30 EDT
Two 6.2 Redhat machines on an ethernet segment. 
One is pinging a the other.
On the first machine, tcpdump shows corrupted mac addresses:

0:0:0:0:0:1 / 0:0:0:0:0:0 instead of the real destination mac address.

02:49:53.741322 < 0:70:72:f0:de:20 0:0:0:0:0:1 ip 74: > icmp: echo request
02:49:53.741422 > 0:0:0:0:0:0 0:70:72:f0:de:20 ip 74: > icmp: echo reply

When using another (recompiled) version of tcpdump, it shows the correct 
mac addresses:

00:50:24.788056 0:70:72:f0:de:20 0:21:f2:11:93:9d 0800 74: > icmp: echo request
00:50:24.788226 0:21:f2:11:93:9d 0:70:72:f0:de:20 0800 74: > icmp: echo reply
Comment 1 Pekka Savola 2000-09-30 16:23:22 EDT
Your recompiled version didn't have Alexey Kuznetsov's patches in.

Newer versions of tcpdump use packet socket interface by default.  
It isn't possible to get all link level headers properly.

Using tcpdump -R works.

*** This bug has been marked as a duplicate of 9134 ***

Note You need to log in before you can comment on or make changes to this bug.