The normal installation of libpcap installs libpcap as an archive library. If
this is your situation, it is possible that
the tcpdump binary and the ethereal binary could be using different versions of
libpcap (depending on when and how
you installed libpcap, tcpdump, and ethereal).
1. Are you using an archive or shared library version of libpcap? Is there a
libpcap.a or a libpcap.so on your system
(in /usr/lib or /usr/local/lib or somewhere else).
2. From where did you get your tcpdump and ethereal? Did you compile them
yourself, or install a pre-compiled package?
--gilbert
bill parducci <bill@xxxxxxxxxxxx> on 08/22/2000 04:19:20 PM
To: ethereal-users@xxxxxxxx
cc: (bcc: Gilbert Ramirez/Tivoli Systems)
Subject: [ethereal-users] capture filter issues
i have a redhat linux server with an ibm token ring (olympic) and intel
ethernet card in it. the box is acting as a address translation router
for an ethernet workstation in a token ring environment.
workstation --> [eth(0)]server[tr(0)] --> network
i am using ethereal 0.8.11, libpcap-0.4-27
the token ring (tr0) address on the box is 10.2.101.101
the ethernet (eth0) address on the box is 192.168.254.254
the address of my workstation (separate box) is 192.168.254.1
the problem i see is that i can run captures with ethereal and any
filter i want on eth0 from both my workstation and the server. however,
when i try to do ANY capture filtering on with tr0 i get no packets
captured (and there is a TON of traffic on the token ring side).
on the other hand, all of these work with tcpdump:
tcpdump -itr0 host 10.2.101.101
tcpdump -itr0 port 80
... as well as against eth0, yet none will work with tr0.
any idea why?
b