tcpdump mailing list archives

Re: Problem with Mac OS 10.2


From: Guy Harris <gharris () sonic net>
Date: Sat, 21 Dec 2002 15:28:21 -0800

On Thu, Dec 19, 2002 at 10:26:49PM -0500, Noah Silverman wrote:
> Since upgrading to OS 10.2, I've discovered that tcpdump, as well as
> ethereal, ettercap, and other libpcap dependent programs, don't seem to
> work.

Are you using the MacOS X libpcap and tcpdump, or is one or the other of
them from tcpdump.org or some other provider of libpcap and tcpdump?

> I can run tcpdump, and get data, but it is only two types:
> 1) ALL traffic information to and from my machine
> 2) ipx and udp traffic from all machines on my LAN
>
> It appears as if TCP traffic is not being received in promiscuous mode,
> or is not being handled correctly.

I assume that you were seeing TCP traffic before the upgrade.

Are you seeing any IPX or UDP *UNICAST* traffic (or any *other* unicast
traffic, for that matter) between machines on your LAN other than your
machine, or is it all just broadcasts and multicasts?

> Do you have any suggestions or ideas?

Suggestions:

        If you haven't already done so, you should probably try it with
        the MacOS X tcpdump (which is probably linked, perhaps
        dynamically, with the MacOS X libpcap).

        If that doesn't work, report it to Apple as a bug with their
        software.

        If that *does* work, report it to Apple and ask them to tell
        tcpdump.org what changes we need to make to *our* libpcap to
        make it work.

Ideas:

        If you are not seeing any IPX or UDP unicast traffic, it's
        probably just not putting the interface into promiscuous mode
        *at all*:

                http://www.tcpdump.org/faq.html#q5

        If you *are* seeing unicast traffic between machines on your LAN
        other than your machine, I have no idea what's going on, which
        is why I suggest you talk to Apple.

        (If you've never seen unicast traffic between machines on your
        LAN other than your machine, even before the upgrade, it's
        probably just a switched-network or dual-speed-hub problem:

                http://www.tcpdump.org/faq.html#q4

        .)
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
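
The question asked in the reply above (is any unicast traffic between *other* machines being captured, and does it include TCP?) can be answered mechanically from the Ethernet headers of a capture. The following is an added example, not part of the original message or of tcpdump/libpcap; the frames, MAC addresses and verdict labels are constructed for illustration, and it assumes untagged Ethernet II framing.

```python
import struct

BROADCAST = b"\xff" * 6

def classify(frame, my_mac):
    """Bucket an Ethernet frame by addressing, relative to the capturing host."""
    dst, src = frame[0:6], frame[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                 # group bit set in first octet: multicast
        return "multicast"
    if my_mac in (dst, src):
        return "own"
    return "third_party_unicast"

def protocol(frame):
    """Name the payload protocol (Ethernet II, IPv4 without a VLAN tag)."""
    if len(frame) < 14:
        return "other"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8137:
        return "ipx"
    if ethertype == 0x0800 and len(frame) >= 24:
        return {6: "tcp", 17: "udp"}.get(frame[23], "ip-other")
    return "other"

def diagnose(frames, my_mac):
    """Return a verdict label (labels are this example's own, not tcpdump's)."""
    seen = {protocol(f) for f in frames
            if classify(f, my_mac) == "third_party_unicast"}
    if not seen:
        return "no-third-party-unicast"           # FAQ q5 / q4 cases
    if "tcp" not in seen:
        return "third-party-unicast-without-tcp"  # the unexplained case
    return "third-party-tcp-visible"

# --- constructed sample frames (not real captures) ---
def eth(dst, src, ethertype, payload=b""):
    return dst + src + struct.pack("!H", ethertype) + payload

def ipv4(proto):  # minimal 20-byte header, only the protocol field is set
    return bytes([0x45]) + bytes(8) + bytes([proto]) + bytes(10)

ME, A, B = (bytes.fromhex("02000000000" + n) for n in "123")
MCAST = bytes.fromhex("01005e000001")
NOT_PROMISC = [eth(A, ME, 0x0800, ipv4(6)), eth(BROADCAST, A, 0x0800, ipv4(17)),
               eth(MCAST, B, 0x0800, ipv4(17))]
UNICAST_NO_TCP = NOT_PROMISC + [eth(B, A, 0x0800, ipv4(17)), eth(B, A, 0x8137)]

if __name__ == "__main__":
    for name, frames in (("NOT_PROMISC", NOT_PROMISC), ("UNICAST_NO_TCP", UNICAST_NO_TCP)):
        print(name, diagnose(frames, ME))
```

A capture that yields `no-third-party-unicast` cannot by itself distinguish an interface that never entered promiscuous mode from a switched network; that still requires comparing against what was visible before the upgrade.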

