RedHat's enhanced tcpdump ignores /etc/protocols; it has
hard-coded strings for the protocol names it recognizes: all
others are only accepted by number. To fix:
Then, update eth_p_parse:
if (!strcmp(id, "x25"))
/* Check for protocol in /etc/protocols: */
if (pe = getprotobyname (id))
return htons (pe->p_proto);
libpcap seems to already do this it seems.
Fixed in tcpdump-3.4-17. Thanks for the patch.
I have seen this problem in my lab (at least its seems to be the same thing).
I have had to move a machine in my lab back to 6.0 to get a reliable tcpdump.
I'd love to try the fixed version, but i'm at a loss as to where I would find
the tcpdump-3.4-17 package. Can you let me know where it is? Thanks.