<div dir="ltr">Thanks Noel. I'll try and compile a version of tcpdump w/ NFLOG support. In the meantime, the pause happened. The logs are here: <a href="https://pastebin.com/CxE2fph8">https://pastebin.com/CxE2fph8</a>. The last successful period ping that worked was at Sun Dec 13 17:22:44 2015 (UTC).<div><br></div><div>I do have a full packet capture (tcpdump -nnl -i eth0 -s0). Which we can review if needed. I'll try extracting out just the header portion.</div><div><br></div><div>mahesh</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Dec 13, 2015 at 12:19 PM, Noel Kuntze <span dir="ltr"><<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
</span>>[...] but when I tried to do the tcpdump, I get this error:<br>
# tcpdump -s 0 -n -i nflog:5tcpdump: NFULNL_CFG_CMD_PF_UNBIND: Operation not permitted<br>
<span class="">ifconfig doesn't show any nflog interface.<br>
<br>
</span>Hello Mahesh,<br>
<br>
Looks like Ubuntu 14.04's tcpdump is not compiled with working NFLOG support.<br>
NFLOG does not create any virtual network interface.<br>
It's implemented as a multicast group reachable over netlink socket, which is a kernel interface.<br>
If you can't use nflog to specify the filter, try using bpf syntax with tcpdump.<br>
<br>
E.g.: tcpdump -s 0 -n -i eth0 'esp or udp and (port 500 or port 4500)'<br>
<span class=""><br>
- --<br>
<br>
Mit freundlichen Grüßen/Kind Regards,<br>
Noel Kuntze<br>
<br>
GPG Key ID: 0x63EC6658<br>
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
<br>
</span>iQIcBAEBCAAGBQJWbaiHAAoJEDg5KY9j7GZYRHoP/304Hk9LUVxLu5L/6Cl2Dh3y<br>
nxKFqEXERPwI63pH4k8T3UVIUrWuxvpKFufOH8YE/VbnTlgXpT6Wm5exIdrfgIDx<br>
UkIcAz/ThGcSsO4y9w2hQsuuaPTaRL6oNpJJo1RQBICdI+vts7+AGB6T1GCg2fAl<br>
JTbQIz9e45tu2k4EREN2miXCUHQQ3Vclj2V9HUL/b4rerkqsjARZ7KX+UkZswxPo<br>
kX9L67qd5BE21hLXDHP5TvuBocz4oC9znc0BFf0bMq9U/Jv0rv/KL76JMc2y90+w<br>
JPOkUbF82YZeT/eQehY+rXk0+09WHdS7qa+s7tJfOT8HfaI46aKaYHX88wtYzA4p<br>
QJBqEES1H39/QWCH899VDU+qP/NWLOuIIb9zkjFTLVuPnamDXD/NT4feGg+YmNoC<br>
wIdVVKGO16a/oo5w0o99TZKwfEGQxiPBqXu/3oUXLmvy4HAVlclrNLzsxQR5hFTa<br>
8IXfqz4ETzu4euQdHxIJnFWC9WC3v2UdB6XEnY994+EsAr1bEtlqbwNKb8erjtvv<br>
Na7gDkz9YmsECkU37tTkz1CyKriyUqnCZsWEE0OhZtufuc3ZMmi1RZ7+jGJZoa1R<br>
6UkgKRQT6ysfPOqvwy6XPAy+yTBwmuHI0No0QCvwUHuNvMz1rpCANixAYUJwKKc7<br>
pzSilKv4X4Sj6IAgl3oc<br>
=fwTz<br>
-----END PGP SIGNATURE-----<br>
<br>
</blockquote></div><br></div>