tcpdump mailing list archives
Re: using TCPDump
From: "Antonio I." <cocoadeveloper () netscape net>
Date: Wed, 25 Dec 2002 17:29:07 -0500
Gharris, first of all, thanks for your answer. I don't know what you mean by "if you are running it by yourself". I suppose you don't mean the super user account, which I always am. I am always root. (Don't even think about it, I am behind a firewall.) What you are saying is that I do not have permission to open the bpf devices. But how could I not? I think you are aiming at the answer but I don't think that this is exactly it. Maybe there is something else (maybe there is something wrong with the bpf device files from Apple). Let me ask you, what system are you using? When you first went on to use tcpdump, what did you do to get it working? Did something similar happen to you? I really appreciate your time gharris, thanks a lot and hope to hear from you.
Tony

gharris () sonic net wrote:

Antonio I. said:

> I try this: tcpdump host 192.168.2.8, my LAN IP. I get the same error message as above. Is this the right way to do it? If so why am I getting the "no suitable device found" message,

That depends on the OS on which you're running tcpdump and the account under which you're running it.

> and what does that mean? Is this normal behaviour for a first-run of tcpdump? This program came with my darwin dist

OK, so the OS is Darwin/MacOS X. If you are running it as yourself, you will probably not have permission to capture packets, as you will not, by default, have permission to open the BPF devices:

    [localhost:/dev] % ls -l bpf*
    crw------- 1 root wheel 7, 0 Dec 25 14:19 bpf0
    crw------- 1 root wheel 7, 1 Dec 25 14:09 bpf1
    crw------- 1 root wheel 7, 2 Dec 25 14:09 bpf2
    crw------- 1 root wheel 7, 3 Dec 25 14:09 bpf3

You would either have to

1) run it as root using "sudo";

2) use "sudo" to change the ownership of the BPF devices to yourself (unfortunately, it appears that a "chown" doesn't pass through the union mount to the underlying file system, or that the system "fixes" the ownership of those devices when it boots, as when I changed it, it didn't survive a reboot).
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe