Old 12th March 2011
J65nko
Administrator
 

Some tcpdump tips:

If you add the -e option like in tcpdump -eni re0 then the MAC addresses are shown:
Code:
10:00:07.092146 00:19:db:47:b0:4c ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.222.11 tell 192.168.222.20
10:00:07.092359 00:08:c7:05:ca:0b 00:19:db:47:b0:4c 0806 60: arp reply 192.168.222.11 is-at 00:08:c7:05:ca:0b
Usually that makes you understand the arp traffic better.

By using the -n option you will prevent tcpdump from doing reverse DNS lookups (IP nr -> symbolic name), that will pollute tcpdump's output.
You can increase verbosity by using -vv and by setting the snap length with -s 1500 you can see the complete protocol info.
For example this from a (repeated, forgot the -s 1500 the first time) dhclient request:
Code:
10:25:34.948816 00:20:ed:25:f1:ac ff:ff:ff:ff:ff:ff 0800 342: 192.168.222.249.68 > 255.255.255.255.67: [udp sum ok] xid:0x85375eaa vend-rfc1048 RQ:192.168.222.249 DHCP:REQUEST PR:SM+BR+TZ+DG+DN+NS+HN [tos 0x10] (ttl 16, id 0, len 328)
10:25:34.988618 00:08:c7:05:ca:0b 00:20:ed:25:f1:ac 0800 342: 192.168.222.10.67 > 192.168.222.249.68: [udp sum ok] xid:0x85375eaa Y:192.168.222.249 S:192.168.222.10 vend-rfc1048 DHCP:ACK SID:192.168.222.10 LT:36000 SM:255.255.255.0 DG:192.168.222.10 DN:"utp.xnet" NS:192.168.222.10 [tos 0x10] (ttl 16, id 0, len 328)
10:25:34.995014 00:20:ed:25:f1:ac ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.222.249 tell 192.168.222.249
For the 10.0.0.0 network the address of your athn0 card, 10.0.0.1, should be the default gateway (router). Did you specify that in your dhcpd.conf?
You can check the default route with netstat -rn -f inet

After a mobile client got an IP address through DHCP, it should be able to ping the gateway, and the internal IP address of your server.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
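Added example, not part of the post above: a small Python parser for the tcpdump -e line format quoted in the post, which builds an IP-to-MAC table from arp replies and lists who-has requests that never got an answer. The function name summarize_arp and the last SAMPLE line are assumptions made up for this illustration; the other sample lines are the ones shown in the post.

```python
import re

# Assumed format: the "tcpdump -e" lines quoted in the post:
#   time src-mac dst-mac ethertype length: payload
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME = re.compile(
    rf"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<src>{MAC}) (?P<dst>{MAC}) "
    r"(?P<etype>[0-9a-f]{4}) (?P<length>\d+): (?P<payload>.*)$"
)
WHO_HAS = re.compile(r"^arp who-has (\S+) tell (\S+)")
REPLY = re.compile(r"^arp reply (\S+) is-at (\S+)")


def summarize_arp(lines):
    """Return (ip_to_mac, unanswered, self_probes) for a list of capture lines."""
    ip_to_mac, pending, self_probes = {}, {}, []
    for line in lines:
        m = FRAME.match(line.strip())
        if not m or m["etype"] != "0806":  # 0806 is the ARP ethertype
            continue
        if q := WHO_HAS.match(m["payload"]):
            target, teller = q.groups()
            if target == teller:
                # A host asking for its own address (as dhclient does after
                # the DHCP ACK in the post): no reply means no conflict.
                self_probes.append((target, m["src"]))
            else:
                pending[target] = teller
        elif r := REPLY.match(m["payload"]):
            ip, mac = r.groups()
            ip_to_mac[ip] = mac
            pending.pop(ip, None)  # this request was answered
    return ip_to_mac, sorted(pending), self_probes


SAMPLE = [
    "10:00:07.092146 00:19:db:47:b0:4c ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.222.11 tell 192.168.222.20",
    "10:00:07.092359 00:08:c7:05:ca:0b 00:19:db:47:b0:4c 0806 60: arp reply 192.168.222.11 is-at 00:08:c7:05:ca:0b",
    "10:25:34.995014 00:20:ed:25:f1:ac ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.222.249 tell 192.168.222.249",
    # Constructed line (not from the post): a request that nobody answers.
    "10:26:01.000000 00:19:db:47:b0:4c ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.222.99 tell 192.168.222.20",
]

if __name__ == "__main__":
    table, unanswered, probes = summarize_arp(SAMPLE)
    print("IP -> MAC:", table)
    print("unanswered who-has:", unanswered)
    print("self probes:", probes)
```

An address that stays in the unanswered list is either down, on another segment, or blocked at layer 2, which is the first thing to rule out before looking at pf.conf.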