I haven't been following this thread, but figured I'd say that I was having problems capturing to files. It was really strange and I couldn't figure it out. So I checked my quota on the inst machine and it was full :( doh! So I deleted some files and magically I could write my dump files now. Anyway thought this may keep someone from going crazy-er.
<br><br>Josh<br><br><div class="gmail_quote">On Dec 10, 2007 5:54 PM, Simon Tan <<a href="mailto:simtan@berkeley.edu">simtan@berkeley.edu</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Capturing on the file_recv receiving port does capture packets, but we<br>found that we get more complete results (i.e. we capture both outgoing and<br>incoming packets coming on both sender and receiver sides) if we capture
<br>on the MNLDaemons' listening ports.<br><br>However, for some reason, capturing on the MNLDaemon's ports didn't<br>capture any packets at first -- we had to add 1 to the port numbers<br>(MNLDaemon's listening port + 1) to capture packets. This seems
<br>completely ridiculous, but it actually worked (in our case at least). Can<br>anyone give us insight as to why? (Is MNLDaemon buggy?)<br><br><br>On Mon, 10 Dec 2007 15:39:08 -0800, Linda Sha <<a href="mailto:lindablus@berkeley.edu">
lindablus@berkeley.edu</a>><br>wrote:<br><div><div></div><div class="Wj3C7c"><br>> Hi,<br>><br>> I have a question about tcpdump:<br>> When I specify a port number for tcpdump, I'm not able to capture any
<br>> packets. When I take out the port number, I get ssh encrypted messages.<br>> I'm<br>> not sure what happened.<br>><br>> /share/b/ee122/tcpdump -s 0 -w trace host <a href="http://c199.eecs.berkeley.edu" target="_blank">
c199.eecs.berkeley.edu</a> and port<br>> 9468<br>> tcpdump.sun4u: listening on qfe0, link-type EN10MB (Ethernet), capture<br>> size<br>> 65535 bytes<br>> 0 packets captured<br>> 34224 packets received by filter
<br>> 0 packets dropped by kernel<br>><br>> ##port 9468 is the port my server is listening on.<br>><br>> Thanks.<br>><br>> Linda<br><br><br><br></div></div><font color="#888888">--<br>~Simon Tan >> undergraduate at UC Berkeley
<br>Source: <a href="mailto:simtan@berkeley.edu">simtan@berkeley.edu</a><br></font><div><div></div><div class="Wj3C7c">_______________________________________________<br>ee122 mailing list<br><a href="mailto:ee122@mailman.ICSI.Berkeley.EDU">
ee122@mailman.ICSI.Berkeley.EDU</a><br><a href="http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/ee122" target="_blank">http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/ee122</a><br></div></div></blockquote></div><br>