tcpdump mailing list archives

Re: using TCPDump


From: "Antonio I." <cocoadeveloper () netscape net>
Date: Wed, 25 Dec 2002 17:29:07 -0500

Gharris, first of all, thanks for your answer. I don't know what you mean by "if you are running it by yourself". I suppose you don't mean the super user account, which I always am. I am always root. (Don't even think about it, I am behind a firewall.) What you are saying is that I do not have permission to open the bpf devices. But how could I not? I think you are aiming at the answer but I don't think that this is exactly it. Maybe there is something else (maybe there is something wrong with the bpf device files from Apple). Let me ask you, what system are you using? When you first went on to use tcpdump, what did you do to get it working? Did something similar happen to you? I really appreciate your time gharris, thanks a lot and hope to hear from you.
Tony


gharris () sonic net wrote:

Antonio I. said:

I try this: tcpdump host 192.168.2.8, my LAN IP. I get the same error
message as above. Is this the right way to do it? If so why am I getting
the "no suitable device found" message,


That depends on the OS on which you're running tcpdump and the account
under which you're running it.

and what does that mean?

Is this normal behaviour for a first-run of tcpdump? This program came
with my darwin dist


OK, so the OS is Darwin/MacOS X.

If you are running it as yourself, you will probably not have permission
to capture packets, as you will not, by default, have permission to open
the BPF devices:

[localhost:/dev] % ls -l bpf*
crw-------  1 root  wheel  7, 0 Dec 25 14:19 bpf0
crw-------  1 root  wheel  7, 1 Dec 25 14:09 bpf1
crw-------  1 root  wheel  7, 2 Dec 25 14:09 bpf2
crw-------  1 root  wheel  7, 3 Dec 25 14:09 bpf3

You would either have to

1) run it as root using "sudo";

2) use "sudo" to change the ownership of the BPF devices to yourself
(unfortunately, it appears that a "chown" doesn't pass through the union
mount to the underlying file system, or that the system "fixes" the
ownership of those devices when it boots, as when I changed it, it didn't
survive a reboot).




-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
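
Added example, not part of the original messages: a shell check that reads `ls -l /dev/bpf*` lines like the ones quoted above and reports whether a given account could open each device for reading. The function names, the account `tony`, the group `staff` and the second sample line are assumptions made for illustration; only the classic mode bits are evaluated, not ACLs.

```shell
#!/bin/sh
# in_list NEEDLE ITEM...: succeed if NEEDLE equals one of the ITEMs.
in_list() {
    needle=$1; shift
    for g in "$@"; do [ "$g" = "$needle" ] && return 0; done
    return 1
}

# bpf_can_open LINE USER GROUPS
#   LINE   one line of `ls -l /dev/bpf*` output
#   USER   account name to evaluate
#   GROUPS space-separated group names of that account
# Prints "yes" or "no" followed by the permission class that decided it.
bpf_can_open() {
    line=$1; user=$2; grps=$3
    read -r mode _links owner group _rest <<EOF
$line
EOF
    # BPF devices are character devices; anything else is not a capture device.
    case $mode in
        c*) ;;
        *) echo "no (not a character device)"; return 0 ;;
    esac
    # root is not restricted by the mode bits.
    if [ "$user" = root ]; then echo "yes (root)"; return 0; fi
    # Unix applies exactly one class: owner, else group, else other.
    if [ "$user" = "$owner" ]; then
        class=owner; pat='?r*'
    elif in_list "$group" $grps; then
        class=group; pat='????r*'
    else
        class=other; pat='???????r*'
    fi
    case $mode in
        $pat) echo "yes ($class)" ;;
        *)    echo "no ($class)" ;;
    esac
}

# Sample input: line 1 is from the listing in the message; line 2 is
# constructed to show a device after the chown described in option 2.
sample='crw-------  1 root  wheel  7, 0 Dec 25 14:19 bpf0
crw-------  1 tony  wheel  7, 1 Dec 25 14:09 bpf1'
printf '%s\n' "$sample" | while IFS= read -r l; do
    printf '%s -> %s\n' "${l##* }" "$(bpf_can_open "$l" tony staff)"
done
```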

