tcpdump mailing list archives
Re: using TCPDump
From: Guy Harris <gharris () sonic net>
Date: Fri, 27 Dec 2002 15:24:56 -0800
On Wed, Dec 25, 2002 at 05:29:07PM -0500, Antonio I. wrote:
> Gharris, first of all, thanks for your answer. I don't know what you mean by "if you are running it by yourself". I suppose you don't mean the super user account,
What I mean is "are you running it under a normal user's account, or are you running it as the super-user"?
> which I always am. I am always root.
I.e., you took the effort to turn on the super-user account, and you always log in as the super-user? (So that the "id" command reports "uid=0(root)" - and doesn't report something other than 0 as the EUID?) OK, although *I* don't do that - I like to run as little stuff as root as possible.
> (Don't even think about it I am behind a firewall). What you are saying is that I do not have permission to open the bpf devices.
No, what I am saying is that if you aren't running as root you probably won't have permission to open the BPF devices.
> But how could I not? I think you are aiming at the answer but I don't think that this is exactly it. Maybe there is something else (maybe there is something wrong with the bpf device files from Apple).
Maybe, but I suspect there's something else wrong - probably something wrong that's not Apple's fault.
> Let me ask you, what system are you using?
When I typed the commands and entered my original reply, I was using MacOS X 10.1. I am currently using FreeBSD 3.4, although my iBook is also plugged into my home network and running.
> When you first went on to use tcpdump, what did you do to get it working?
I typed
	sudo tcpdump
and then, when the MacOS X tcpdump annoyingly selected my inactive Airport card rather than my active Ethernet interface, typed
	sudo tcpdump -i en0
instead. (That was the tcpdump that comes with MacOS X; I just now compiled libpcap 0.7.1 and tcpdump 3.7.1, and it selects en0 by default.)
> Did something similar happen to you?
No, I had no problems whatsoever (other than having to tell the MacOS X tcpdump to use en0 rather than en1) - it certainly didn't tell me that it didn't find any devices. I'd suggest you do
	ifconfig -a
to get a list of the network devices, and then try running tcpdump with the "-i" flag specifying the interface that's plugged into your LAN, for example if that's "en0", do
	sudo tcpdump -i en0
(or, if you really *are* logged in as root, just "tcpdump -i en0").
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
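Added example (not part of the message above and not tcpdump's own code): a pre-flight check for the two things the reply asks about, whether the current user can open a BPF device and which interface is actually active. It assumes BSD/MacOS X style "ifconfig -a" output with "status:" lines; the function names, the sample output and the UID 501 used in comments are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight checks before starting a capture on a BSD-style system.

# Constructed sample of `ifconfig -a` output (not captured from a real host).
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
    status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    status: inactive'

# Read ifconfig output on stdin; print each non-loopback interface whose
# "status:" line says "active" (an unplugged or unassociated card is skipped).
active_interfaces() {
    awk '
        /^[a-z][a-z0-9]*: flags=/ {
            name = $1; sub(/:$/, "", name)
            loop = ($0 ~ /LOOPBACK/)
            next
        }
        $1 == "status:" && $2 == "active" && !loop { print name }
    '
}

# $1 = effective UID, remaining arguments = candidate BPF device paths.
# Prints "root", "readable:<dev>" or "denied"; returns non-zero on "denied".
bpf_access() {
    uid=$1
    shift
    if [ "$uid" -eq 0 ]; then
        echo "root"
        return 0
    fi
    for dev in "$@"; do
        if [ -r "$dev" ]; then
            echo "readable:$dev"
            return 0
        fi
    done
    echo "denied"
    return 1
}

# Demonstration on the constructed sample. On a real host use:
#   ifconfig -a | active_interfaces
#   bpf_access "$(id -u)" /dev/bpf*
iface=$(printf '%s\n' "$SAMPLE_IFCONFIG" | active_interfaces | head -n 1)
echo "suggested command for the sample: tcpdump -i $iface"
```

A "denied" result for a non-root user is the expected state; running the capture through sudo, as in the message, avoids loosening the permissions on the BPF device nodes.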