TCPDUMP shows traffic in only one direction - VMS

This is a discussion on TCPDUMP shows traffic in only one direction - VMS ; Hi, Process Software MultiNet V5.2 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz, OpenVMS AXP V8.3 This machine has two ethernet ports, one is 150.101.13.2 and the other is 150.101.13.15. Both are in the same subnet. When I use TCPDUMP to ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: TCPDUMP shows traffic in only one direction

  1. TCPDUMP shows traffic in only one direction

    Hi,

    Process Software MultiNet V5.2 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz,
    OpenVMS AXP V8.3

    This machine has two ethernet ports, one is 150.101.13.2 and the other is
    150.101.13.15. Both are in the same subnet.

    When I use TCPDUMP to monitor traffic on a particular TCP port (587 in this
    case), I only see half the packets. If I use

    $ mu tcpdump/snap=1600/hex tcp port 587

    I see only the packets leaving the server. If I use

    $ mu tcpdump/snap=1600/hex/inter=se1 tcp port 587

    I see only the packets coming into the server (on 150.101.13.15). The TCP
    session I am trying to watch is connecting to 150.101.13.15 (interface se1)
    and the system's default route is 150.101.13.30 (which appears to be
    associated with the 150.101.13.2 interface).

    So how can I use TCPDUMP to watch both sides of an incoming TCP connection
    to 150.101.13.15?

    Thanks,

    Jeremy Begg

    +---------------------------------------------------------+
    | VSM Software Services Pty. Ltd. |
    | http://www.vsm.com.au/ |
    | "OpenVMS Systems Management & Programming" |
    |---------------------------------------------------------|
    | P.O.Box 402, Walkerville, | E-Mail: jeremy@vsm.com.au |
    | South Australia 5081 | Phone: +61 8 8221 5188 |
    |---------------------------| Mobile: 0414 422 947 |
    | A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
    +---------------------------------------------------------+

  2. Re: TCPDUMP shows traffic in only one direction

    Jeremy -

    tcpdump can only watch one interface. Given your setup and description,
    your only choice is to run two instances of tcpdump, one watching se0
    and the other watching se1.

    - ken

    Jeremy Begg wrote:
    > Hi,
    >
    > Process Software MultiNet V5.2 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz,
    > OpenVMS AXP V8.3
    >
    > This machine has two ethernet ports, one is 150.101.13.2 and the other is
    > 150.101.13.15. Both are in the same subnet.
    >
    > When I use TCPDUMP to monitor traffic on a particular TCP port (587 in this
    > case), I only see half the packets. If I use
    >
    > $ mu tcpdump/snap=1600/hex tcp port 587
    >
    > I see only the packets leaving the server. If I use
    >
    > $ mu tcpdump/snap=1600/hex/inter=se1 tcp port 587
    >
    > I see only the packets coming into the server (on 150.101.13.15). The TCP
    > session I am trying to watch is connecting to 150.101.13.15 (interface se1)
    > and the system's default route is 150.101.13.30 (which appears to be
    > associated with the 150.101.13.2 interface).
    >
    > So how can I use TCPDUMP to watch both sides of an incoming TCP connection
    > to 150.101.13.15?
    >
    > Thanks,
    >
    > Jeremy Begg
    >
    > +---------------------------------------------------------+
    > | VSM Software Services Pty. Ltd. |
    > | http://www.vsm.com.au/ |
    > | "OpenVMS Systems Management & Programming" |
    > |---------------------------------------------------------|
    > | P.O.Box 402, Walkerville, | E-Mail: jeremy@vsm.com.au |
    > | South Australia 5081 | Phone: +61 8 8221 5188 |
    > |---------------------------| Mobile: 0414 422 947 |
    > | A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
    > +---------------------------------------------------------+
    >


    --
    - Ken
    ================================================== ===============
    Ken Connelly Associate Director, Security and Systems
    ITS Network Services University of Northern Iowa
    email: Ken.Connelly@uni.edu p: (319) 273-5850 f: (319) 273-7373


  3. Re: TCPDUMP shows traffic in only one direction

    Hi ! Hi !

    http://www.panoramio.com/photo/4940173



    "Jeremy Begg" a écrit dans le message de news: 01MSM1XGVMD08Y53N3@vsm.com.au...
    > Hi,
    > +---------------------------------------------------------+




+ Reply to Thread