Re: The network is cut with tcpdump.

[Guy Harris <guy () alum mit edu>]

On Feb 3, 2011, at 10:36 AM, Masahiro Kamikubo wrote:

> When the tcpdump command was executed hereafter, the network was cut.

"Cut" meaning that you lost network connection on the network interface on which you were capturing network traffic?

If so, that might be a problem with...

> The environment is CnetOS5.5 that operates on VMware Player.

...VMware's emulated network adapter on the virtual machine.  You might want to ask VMware about it.

> Is there a problem in the format of the command?

No.  tcpdump doesn't do anything to disable a network interface; it uses libpcap, which also doesn't do anything that 
should disable a network interface (except perhaps turn monitor mode on, which *might* disassociate the adapter from 
the network, but that only applies to Wi-Fi interfaces).

> Mar 2 02:07:49 localhost kernel: audit(1299049669.539:3): dev=eth0 prom=256
> old_prom=0 auid=4294967295 ses=4294967295

I guess it's saying "I've turned promiscuous mode on".  Try running tcpdump with the "-p" flag, which leaves 
promiscuous mode *off* (the default is to turn it on).  If that fixes the problem, report this to the people at VMware, 
telling them that your network connection goes away when you put a guest network interface into promiscuous mode.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.