tcpdump mailing list archives

Re: using TCPDump


From: "Guy Harris" <gharris () sonic net>
Date: Wed, 25 Dec 2002 11:25:11 -0800 (PST)

Antonio I. said:
> I try this: tcpdump host 192.168.2.8, my LAN IP. I get the same error
> message as above. Is this the right way to do it? If so why am I getting
> the "no suitable device found" message,

That depends on the OS on which you're running tcpdump and the account
under which you're running it.

> and what does that mean?
>
> Is this normal behaviour for a first-run of tcpdump? This program came
> with my darwin dist

OK, so the OS is Darwin/MacOS X.

If you are running it as yourself, you will probably not have permission
to capture packets, as you will not, by default, have permission to open
the BPF devices:

[localhost:/dev] % ls -l bpf*
crw-------  1 root  wheel  7, 0 Dec 25 14:19 bpf0
crw-------  1 root  wheel  7, 1 Dec 25 14:09 bpf1
crw-------  1 root  wheel  7, 2 Dec 25 14:09 bpf2
crw-------  1 root  wheel  7, 3 Dec 25 14:09 bpf3

You would either have to

1) run it as root using "sudo";

2) use "sudo" to change the ownership of the BPF devices to yourself
(unfortunately, it appears that a "chown" doesn't pass through the union
mount to the underlying file system, or that the system "fixes" the
ownership of those devices when it boots, as when I changed it, it didn't
survive a reboot).


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
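
The permission check described in the reply above, as an added example that is not part of the original post or of tcpdump: POSIX shell functions that read `ls -l /dev/bpf*` lines and report whether a given user can read the devices. The function names, the user "alice", and the assumption that read permission on the device is what capture needs are illustrative.

```shell
#!/bin/sh
# Listing as quoted in the post above.
SAMPLE='crw-------  1 root  wheel  7, 0 Dec 25 14:19 bpf0
crw-------  1 root  wheel  7, 1 Dec 25 14:09 bpf1
crw-------  1 root  wheel  7, 2 Dec 25 14:09 bpf2
crw-------  1 root  wheel  7, 3 Dec 25 14:09 bpf3'

# Constructed line: bpf0 after option 2 (chown to a hypothetical user "alice").
CHOWNED='crw-------  1 alice  wheel  7, 0 Dec 25 14:19 bpf0'

# bpf_readable USER "GROUP1 GROUP2 ..." LS_LINE  -> prints "yes" or "no".
# Assumption: read permission on the device is what capturing requires.
bpf_readable() {
    user=$1 groups=$2 line=$3
    [ "$user" = root ] && { echo yes; return; }      # root bypasses mode bits
    set -f; set -- $line; set +f                     # split ls -l fields, no globbing
    mode=$1 owner=$3 group=$4
    case $mode in c*) ;; *) echo no; return ;; esac  # not a character device
    if [ "$user" = "$owner" ]; then
        bit=$(printf %s "$mode" | cut -c2)           # owner read bit
    elif case " $groups " in *" $group "*) true ;; *) false ;; esac; then
        bit=$(printf %s "$mode" | cut -c5)           # group read bit
    else
        bit=$(printf %s "$mode" | cut -c8)           # other read bit
    fi
    [ "$bit" = r ] && echo yes || echo no
}

# count_readable USER "GROUPS" < listing  -> prints how many devices USER can read.
# Zero readable devices is the case the reply gives for a non-root account.
count_readable() {
    n=0
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        [ "$(bpf_readable "$1" "$2" "$l")" = yes ] && n=$((n + 1))
    done
    echo "$n"
}

# On a live system:
#   ls -l /dev/bpf* | count_readable "$(id -un)" "$(id -Gn)"
```
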

