Help with tcpdump query

John DeDourek dedourek at unb.ca
Mon Oct 16 11:59:51 UTC 2006



Dan Track wrote:
> On 10/13/06, T. Horsnell <tsh at mrc-lmb.cam.ac.uk> wrote:
> 
>> >Hi
>> >
>> >Could someone please point out to me where I'm going wrong with the following:
>> >
>> >tcpdump -i eth0  not port 22 and not port 53 not ip proto icmp
>> >
>>
>> According to my man pages, you need to escape the icmp keyword thus (for C-shell)
>>
>> tcpdump -i eth0  not port 22 and not port 53 not ip proto \\icmp
>>
>> It works for me.
>>
>> To avoid the unresolvable ip addr, either avoid DNS lookups altogether
>> with -n , or include 'and not host xxx' where xxx is the ip address
>> you want to skip:
>>
>> tcpdump -i eth0  not port 22 and not port 53 and not host xxx and not ip proto \\icmp
>>
>> Cheers,
>> Terry.
>>
>>
>> >Additionally there's a client popping up that doesn't have a resolvable
>> >hostname how can I exclude it with tcpdump?
>> >
>> >Thanks in advance
>> >Dan
> 
> 
> 
> Hi
> 
> Thanks for the reply unfortunately I'm still getting the unresolvable 
> error:
> 
> tcpdump -n -i eth0  not port 22 and not port 53 and not host
> a72-246-55-1.deploy.akamaitechnologies.com and not ip proto \\icmp
> 
> tcpdump: unknown host 'a72-246-55-1.deploy.akamaitechnologies.com'
> 
> Any ideas?
> 
> Thanks
> Dan
> 
Use the resolver debugging tool "dig":
    dig a72-246-55-1.deploy.akamaitechnologies.com any
You will probably get "servfail".
You could go on to try
    dig @access.akamai.com. deploy.akamaitechnologies.com any +norecurse
What you will find is that a bunch of nameservers at akamai.com
are claimed to be nameservers for deploy.akamaitechnologies.com,
but probably none of those (I only tried one) are actually servers
for deploy.akamaitechnologies.com.

Short answer: akamai.com. doesn't have their nameservers set up
to correctly serve the deploy.akamaitechnologies.com domain.
You will need to either delete that rule from your rule set, or use
the IP address instead.  (Of course, that doesn't answer the
question of how you find out the IP address if their nameservers
are not properly configured.  Perhaps you have a log entry or something
that identifies the IP address.)
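
An added example, not part of the original message: a POSIX sh sketch that builds the exclusion filter from this thread using IP addresses only, so tcpdump never sees a name it cannot resolve. The function names are hypothetical, getent(1) is assumed to be available, and 192.0.2.10 is a constructed sample address.

```shell
#!/bin/sh
# Build a tcpdump exclusion filter that never contains a hostname.
# tcpdump resolves "host NAME" while compiling the filter and exits with
# "unknown host" if that lookup fails; -n only affects how output is
# printed. Resolving up front lets one bad name be skipped instead.

# resolve_host NAME: print the first IPv4 address, non-zero exit if none.
# Assumption: getent(1) exists (glibc systems such as Fedora).
resolve_host() {
    getent ahostsv4 "$1" 2>/dev/null |
        awk 'NR == 1 { print $1; found = 1 } END { exit !found }'
}

# is_ipv4 STRING: true if STRING has dotted-quad shape (octet ranges
# are not checked).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# build_filter HOST...: print a pcap filter excluding ssh, DNS, ICMP and
# every HOST that is an address or resolves to one. Unresolvable names
# are reported on stderr and left out of the filter.
build_filter() {
    # Single quotes keep the backslash that escapes the icmp keyword.
    filter='not port 22 and not port 53 and not ip proto \icmp'
    for h in "$@"; do
        if is_ipv4 "$h"; then
            ip=$h
        elif ip=$(resolve_host "$h") && [ -n "$ip" ]; then
            :   # resolved; ip now holds the address
        else
            echo "skipping unresolvable host: $h" >&2
            continue
        fi
        filter="$filter and not host $ip"
    done
    printf '%s\n' "$filter"
}

# Usage, passing the whole filter as one quoted argument:
#   tcpdump -n -i eth0 "$(build_filter 192.0.2.10 \
#       a72-246-55-1.deploy.akamaitechnologies.com)"
```
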