tcpdump -i carp0

SirDice

SirDice

Administrator
Staff member
Administrator
Moderator
Is this supposed to work?

tcpdump -ni carp0

I was fully expecting it to capture whatever was sent to the carp interface but this doesn't seem to be the case. I capture absolutely nothing. I can see the packets on the 'parent' interface though. Not really what I was expecting. Is my expectation wrong?
 
I remember from a working CARP environment that I had nearly the same effects. I say nearly because I had some traffic that could be captured on the CARP interface.

You have to tcpdump on the physical parent interface to capture traffic to the CARP interface. Consider the CARP interface as an alias not a virtual interface like VLANs.
 
SirDice said:
Is this supposed to work?

tcpdump -ni carp0

I was fully expecting it to capture whatever was sent to the carp interface but this doesn't seem to be the case. I capture absolutely nothing. I can see the packets on the 'parent' interface though. Not really what I was expecting. Is my expectation wrong?
Click to expand...

As this a pseudo interface, I think your expectation is wrong. Also filtering on the CARP interface (with PF) does not work at all, this is in PF's FAQ.
 
Alright, it seems my expectations were wrong. It's not really an issue as I can capture the packets on the physical interface. It just caught me off-guard, I thought I screwed up on my firewall as I wasn't seeing anything :e
 
You must log in or register to reply here.
Back
Top