You can do
tcpdump -pni eth1
To enable promisc mode. That said, in this case you probably don't
need it. Promiscuous mode is only required when the destination MAC
is different to the recieving interface, and since this system is
presumably the default gateway it should be receiving frames with
the eth1 MAC as destination.
That said, output of:
arp -n
route -n
would be helpful. iptables rules are hit after the packet capture,
so that's mostly irrelevant at this point.
David
On 1/7/12 11:14 AM, Bill East wrote:
On Sat, Jan 7, 2012 at 10:41 AM, <MailList@nerdworld.org>
wrote:
I bought one of those goofy internet clocks (http://www.myixp3.com/home/) and
despite a few problems, have been able to get my messages sent
to it via the
company's web page or eMail.
However, being one who will never leave anything working alone
(I have an
unsatisfiable desire to "improve" things! <grin>), I
want to hack this little
bad boy.
I have not found anything published on the protocol for the
clock, so I
thought I'd just sniff the network stream and figure out what
it's doing. I
can tell from my DHCP server that it's getting a lease at
192.168.1.200. I
therefore tried this command on my firewall.
tcpdump -i eth1 host 192.168.1.200
I then used the web page to successfully send a message to the
clock.
Oddly, I'm not getting anything recorded by tcpdump. If I
drop the host
portion and just grab everything, the address of the clock
never shows up.
I'm fairly certain that if your interface is not in promiscuous
mode it will not record traffic passing through, even on that
specific interface.
ifconfig eth1 promisc should do it for you, but I'm saying that
from memory.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|