0
votes

When I use tcpdump -i eth0 -nn, you can see the packet from 192.168.19.101 (I don't have enough reputation to post a picture), but when I specify the IP and type tcpdump -i eth0 -nn host 192.168.19.101, tcpdump captured no packets but received some packets.

WHY?

1
What happens if you try tcpdump -i eth0 -nn vlan and host 192.168.19.101? - user862787
Yes, it works. I forgot to mention that I am capturing packets on a port mirror. - Libraco

1 Answer

1
votes

OK, then it's an unfortunate consequence of the difficulty of handling VLAN encapsulation in BPF. VLAN packets captured on a "raw" interface (that supplies packets with their VLAN headers intact) aren't treated as IP packets, they're treated as VLAN packets, so you need to do "vlan and" to skip past the VLAN header.