Dan Track wrote:
On 10/13/06, T. Horsnell <tsh@xxxxxxxxxxxxxxxxx> wrote:
>Hi
>
>Could someone please point out to me where I'm going wrong with the following:
>
>tcpdump -i eth0 not port 22 and not port 53 not ip proto icmp
>
According to my man pages, you need to escape the icmp keyword thus
(for C-shell)
tcpdump -i eth0 not port 22 and not port 53 not ip proto \\icmp
It works for me.
To avoid the unresolvable ip addr, either avoid DNS lookups altogether
with -n, or include 'and not host xxx' where xxx is the ip address
you want to skip:
tcpdump -i eth0 not port 22 and not port 53 and not host xxx and not ip proto \\icmp
Cheers,
Terry.
>Additionally there's a client popping up that doesn't have a resolvable
>hostname how can I exclude it with tcpdump?
>
>Thanks in advance
>Dan
Hi
Thanks for the reply, unfortunately I'm still getting the unresolvable
error:
tcpdump -n -i eth0 not port 22 and not port 53 and not host a72-246-55-1.deploy.akamaitechnologies.com and not ip proto \\icmp
tcpdump: unknown host 'a72-246-55-1.deploy.akamaitechnologies.com'
Any ideas?
Thanks
Dan

Use the resolver debugging tool "dig":
dig a72-246-55-1.deploy.akamaitechnologies.com any
You will probably get "servfail".
You could go on to try
dig @access.akamai.com. deploy.akamaitechnologies.com any +norecurse
What you will find is that a bunch of nameservers at akamai.com
are claimed to be nameservers for deploy.akamaitechnologies.com,
but probably none of those (I only tried one) are actually servers
for deploy.akamaitechnologies.com.
Short answer: akamai.com. doesn't have their nameservers set up
to correctly serve the deploy.akamaitechnologies.com domain.
You will need to either delete that rule from your rule set, or use
the IP address instead. (Of course, that doesn't answer the
question of how you find out the IP address if their nameservers
are not properly configured. Perhaps you have a log entry or something
that identifies the IP address.)
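
An added example, not part of the original thread: tcpdump resolves any host name in the filter expression when it compiles the filter, and -n only turns off name lookups in the output, so a name with no working DNS still aborts the capture. The sketch below builds the exclusion filter from resolved addresses only; the function names are hypothetical and the addresses in the usage comment are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, addresses are constructed.

# Succeed only if $1 is a dotted-quad IPv4 literal.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the thread's base filter plus "and not host <ip>" for each argument.
# Names are resolved up front; unresolvable ones are reported and skipped,
# so tcpdump never sees a name it cannot compile.
build_filter() {
    filter='not port 22 and not port 53 and not ip proto \icmp'
    for h in "$@"; do
        if is_ipv4 "$h"; then
            addr=$h
        else
            addr=$(getent ahostsv4 "$h" 2>/dev/null | awk 'NR==1 {print $1}')
        fi
        if [ -n "$addr" ]; then
            filter="$filter and not host $addr"
        else
            echo "skipping unresolvable host: $h" >&2
        fi
    done
    printf '%s\n' "$filter"
}

# Usage (not run here):
#   tcpdump -n -i eth0 "$(build_filter 192.0.2.10 some.name.example)"
```

Passing the filter as one quoted argument also means the icmp keyword needs only a single backslash, regardless of which shell is in use.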