78193 – Different Number of Packets

Bug 78193 - Different Number of Packets

Summary: Different Number of Packets

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	tcpdump
Sub Component:
Version:	7.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Harald Hoyer
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	78192 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-11-19 22:32 UTC by Need Real Name
Modified:	2008-05-01 15:38 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2003-03-10 15:31:59 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Need Real Name 2002-11-19 22:32:10 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem:
We are using the re-direct feature to print the results to a file
tcpdump -e -x host A and Host b >testfile
we are monitoring the traffic of a cetrain file.

Version-Release number of selected component (if applicable):
3.6

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.
There not any.	

The problem arrizes for the number of packets that tcpdump report.
using the screen as the standart output
tcpdump -e -x host A and Host b
the number of packets are 2.000

tcpdump -e -x host A and Host b > testfile

using the file as the standart output the number of packets are 6.000
Please note that we are following the same procedure, monitoring
the traffic of the same file 


Expected Results:  Same number of packets at both scenarios.
 

Additional info:

Note that at 3.6.3 this problem does not exist!

Comment 1 Harald Hoyer 2002-11-20 11:08:11 UTC

Do not tell me that the shell ">" redirector changes any of the tcpdump
behaviour :-)
Show me how you can make a reproducible network traffic other than using a dump
file and the -r argument.
The shell ">" has nothing to do with tcpdump. 
If you are logged in from host A to the other host B and start tcpdump over the
network you should experience _even_ less packets with ">" because the packets
containing the output of tcpdump are not transferred over the network...

Comment 2 Harald Hoyer 2002-11-20 11:08:30 UTC

*** Bug 78192 has been marked as a duplicate of this bug. ***

Comment 3 Need Real Name 2002-11-21 13:47:01 UTC

You are right  that the shell ">" redirector DOES NOT changes any of the 
tcpdump behaviour.

Today i tried the following commands from HOST7.
It is on the same subnet & hub with the HOST8.
Host 8 download a 17 MB file using sftp.

   Tcpdump -x -w test1 host HOST8 and unix1 
   control C
   Packets 20.451!

   Immediately, same procedure but print to the screen
   Tcpdump -x host HOST8 and unix1 
   control C
   Packets 4.462

I have not mentioned that i am not logged as root.   
TCPdump requieres root priviledes to run propertly?
The file is saved to my home directory where i have full privileges,

Comment 4 Mike A. Harris 2002-11-22 04:42:47 UTC

Yes, tcpdump requires root priveledges to run.  Otherwise any user on
the system could sniff network traffic, steal passwords, and capture
other data going over the network.

I fail to see any valid bug in this bug report.  tcpdump is working properly
as designed.

Note You need to log in before you can comment on or make changes to this bug.