tcpdump filter not functioning correctly with igb on FreeBSD 11.1
David Athay
davida at truespeed.com
Tue Feb 6 22:10:28 UTC 2018
# /usr/local/sbin/tcpdump --version
tcpdump version 4.9.0
libpcap version 1.8.1
OpenSSL 1.0.2n-freebsd 7 Dec 2017
Still same weirdness.
# /usr/local/sbin/tcpdump -ni igb0 not port 22 | less
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:03:28.941870 IP X.X.X.X.22 > 77.100.156.Y.52743: Flags [P.], seq 417632730:417632918, ack 196056259, win 1026, options [nop,nop,TS val 602028380 ecr 730520401], length 188
22:03:28.969328 IP 77.100.156.Y.52743 > X.X.X.X.22: Flags [.], ack 0, win 4093, options [nop,nop,TS val 730520446 ecr 602028380], length 0
22:03:28.969342 IP 77.100.156.Y.52743 > X.X.X.X.22: Flags [.], ack 188, win 4090, options [nop,nop,TS val 730520447 ecr 602028380], length 0
# /usr/local/sbin/tcpdump -ni igb0 not host 77.100.156.Y | less
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:05:58.807570 IP X.X.X.X.22 > 77.100.156.Y.52743: Flags [P.], seq 418507510:418507698, ack 196060707, win 1026, options [nop,nop,TS val 602178246 ecr 730669128], length 188
22:05:58.831887 IP 77.100.156.Y.52743 > X.X.X.X.22: Flags [.], ack 0, win 4093, options [nop,nop,TS val 730669159 ecr 602178246], length 0
22:05:58.838645 IP 77.100.156.Y.52743 > X.X.X.X.22: Flags [.], ack 188, win 4090, options [nop,nop,TS val 730669159 ecr 602178246], length 0
# /usr/local/sbin/tcpdump -ni igb0 host 77.100.156.Y
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
140 packets received by filter
0 packets dropped by kernel
—
David Athay
Senior DevOps Engineer
TrueSpeed Communications Ltd.
> On 6 Feb 2018, at 21:57, Eugene Grosbein <eugen at grosbein.net> wrote:
>
> 07.02.2018 4:33, David Athay wrote:
>> Same issue with tcpdump from ports, looks like it's at the same version.
>>
>> $ which tcpdump
>> /usr/sbin/tcpdump
>>
>> $ /usr/sbin/tcpdump --version
>> tcpdump version 4.9.2
>> libpcap version 1.8.1
>> OpenSSL 1.0.2n-freebsd 7 Dec 2017
>>
>> $ /usr/local/sbin/tcpdump --version
>> tcpdump version 4.9.2
>> libpcap version 1.8.1
>> OpenSSL 1.0.2n-freebsd 7 Dec 2017
>>
>> Ports version is using libpcap from ports too.
>
> Please deinstall ports' version of tcpdump, fetch previous one:
>
> fetch http://pkg.freebsd.org/FreeBSD:11:amd64/release_1/All/tcpdump-4.9.0.txz
> pkg install -U tcpdump-4.9.0.txz
>
> And re-try with /usr/local/sbin/tcpdump of that version.
>
>
>