tcpdump shows vrrp traffic (proto 112) only if keepalived is run on the host

1.5k Views Asked by lyres At 23 June 2022 at 11:30

In our LAN we have several keepalived clasters (used different virtual_router_id of course) - all operating on multicast. The issue is that before installing and running keepalived on particular host I cannot sniff vrrp traffic by tcpdump:

when I started keepalived - I see ALL vrrp multicast of this LAN
when I stopped keepalived - tcpdump shows nothing in vrrp

Already checked firewalld, iptabels and sysctl net.ipv4.ip_nonlocal_bind - everything is OK. OS - RHEL 8.0

The need to see vrrp traffic before running keepalived is because we want to generate unique virtual_router_id before installing and running keepalived by checking what ids are already taken.

Original Q&A

There are 1 best solutions below

S. Mao On 18 September 2023 at 10:12

no run keepalived server: don't use -i any and -p，more information man tcpdump; when your's keepalived instance use auth_type AH，proto is ah not vrrp，so suggest you use

tcpdump -i eth0 net 224.0.0.0/8

tcpdump -i eth0 vrrp or ah

run keepalived server: you can execute ip maddress show dev eth0,you will find add some change

link 01:00:5e:00:00:12

inet 224.0.0.18

so nic run promiscuity mode you can still capture packets

tcpdump shows vrrp traffic (proto 112) only if keepalived is run on the host

There are 1 best solutions below

Related Questions in TCPDUMP

Related Questions in KEEPALIVED

Trending Questions

Popular # Hahtags

Popular Questions