Wireshark-users: Re: [Wireshark-users] 2 IP addresses on 1 machine

From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
Date: Sun, 19 Apr 2009 21:03:37 +0400
I don't know what others have to say, but your LAN configuration doesn't quite look alright (unless what I am about to say is also the result of your massaging the configuration files for display here). What you have is two Ethernet interfaces in the same subnet, both defined with gateways. This is likely to confuse the routing. I would suggest removing the GATEWAY line from anyone of the interface configuration files and restarting the network service.

On Sun, Apr 19, 2009 at 7:22 PM, Juan Perez <jperezsip2008@xxxxxxxxx> wrote:

anybody has experienced this prob? any ideas on how to solve it?
any help would be very much appreciated, thanks

jp



----- Original Message ----
From: Juan Perez <jperezsip2008@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Friday, April 17, 2009 4:27:43 PM
Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine


ok, what happens is that I am using pub IPs and can not show them here. I had to edit the output of the "ifcfg-ethX" files and of course I messed up 2 times, :-(.
this should be the right information, sorry again.


eth1 --> 192.168.1.10 255.255.255.0
eth2 --> 192.168.1.11 255.255.255.0


[root@proxy2 network-scripts]# cat ifcfg-eth1
# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
DEVICE=eth1
BOOTPROTO=none
BROADCAST=192.168.1.255
HWADDR=00:19:b9:f2:f3:f4
IPADDR=192.168.1.10
NETMASK=255.255.255.0
NETWORK=192.168.1.0
_ONBOOT_=yes
GATEWAY=192.168.1.1
TYPE=Ethernet
[root@proxy2 network-scripts]#

[root@proxy2 network-scripts]# cat ifcfg-eth2
# Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
DEVICE=eth2
_ONBOOT_=yes
BOOTPROTO=none
HWADDR=00:04:23:e6:8b:17
NETMASK=255.255.255.0
IPADDR=192.168.1.11
GATEWAY=192.168.1.1
TYPE=Ethernet
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
[root@proxy2 network-scripts]#





----- Original Message ----
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Friday, April 17, 2009 1:52:41 PM
Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine

Hi,

Your config says differently:

<quote>
 [root@proxy2 network-scripts]# cat ifcfg-eth0
 # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
 DEVICE=eth0
 BOOTPROTO=none
 BROADCAST=192.168.1.255
 HWADDR=00:19:b9:f2:f3:f4
 IPADDR=192.168.1.10
 NETMASK=255.255.255.0
 NETWORK=192.168.1.0
 _ONBOOT_=yes
 GATEWAY=192.168.1.1
 TYPE=Ethernet
</quote>

Thanx,
Jaap

Juan Perez wrote:
> sorry, I was a mistake, it is eth1 and eth2, the question still remains ;-)
>
> eth1 -> IP=192.168.1.10/24
> eth2 -> IP=192.168.1.11/24
>
>
> cheers
>
> jp
>
>
> ----- Original Message ----
> From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Friday, April 17, 2009 1:22:43 PM
> Subject: Re: [Wireshark-users] 2 IP addresses on 1 machine
>
> Hi,
>
> Reading from the configuration data, in short:
>
> eth0 -> IP=192.168.1.10/24
> eth1 -> IP=192.168.1.11/24
>
> So, there is not eth2 in this list. The command line "tshark -i eth1" to capture
>   traffic to 192.168.1.11 is perfectly oke.
>
> Thanx,
> Jaap
>
> Juan Perez wrote:
>> Hello
>>
>> I have a linux machine with two physical NICs and each NIC has its own IP address belonging to the same network.
>> Example:
>> eth0 --> 192.168.1.10 255.255.255.0
>> eth1 --> 192.168.1.11 255.255.255.0
>>
>>
>> [root@proxy2 network-scripts]# cat ifcfg-eth0
>> # Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
>> DEVICE=eth0
>> BOOTPROTO=none
>> BROADCAST=192.168.1.255
>> HWADDR=00:19:b9:f2:f3:f4
>> IPADDR=192.168.1.10
>> NETMASK=255.255.255.0
>> NETWORK=192.168.1.0
>> _ONBOOT_=yes
>> GATEWAY=192.168.1.1
>> TYPE=Ethernet
>> [root@proxy2 network-scripts]#
>>
>> [root@proxy2 network-scripts]# cat ifcfg-eth1
>> # Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
>> DEVICE=eth1
>> _ONBOOT_=yes
>> BOOTPROTO=none
>> HWADDR=00:04:23:e6:8b:17
>> NETMASK=255.255.255.0
>> IPADDR=192.168.1.11
>> GATEWAY=192.168.1.1
>> TYPE=Ethernet
>> NETWORK=192.168.1.0
>> BROADCAST=192.168.1.255
>> [root@proxy2 network-scripts]#
>>
>> I have 2 apps, each one listen on 1 IP:
>>
>> app 1 listens only on 192.168.1.10
>> app 2 listens only on 192.168.1.11.
>>
>> When I run tshark this way "tshark -i eth2 -S" and packets destined to IP 2  arrive I do no see them, I have to run tshark like this: "tshark -i eth1 -S".
>> In summary, I have to run "tshark -i eth1" for me to see the packets that fo to IP 2. When I do it that way I can see the packets from any ext IP to the IP 2 192.168.1.11.
>>
>> This should not be. Is there anything wrong with my NICs configuration?
>>
>> cheers
>>
>> jp
>>
>>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe





___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe





___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe