tcpdump mailing list archives
Re: live capture Ethernet gives me zero-packets
From: Andrej van der Zee <andrejvanderzee () gmail com>
Date: Tue, 5 Apr 2011 12:37:02 +0900
Hi Guy,

Thanks for the email.

> (No, the "any" device doesn't give you Ethernet packets, even if, at the time you start the capture, the only interfaces on your machine are Ethernet interfaces. If you want to capture on a particular Ethernet device, use its name, e.g. "eth0", in which case you'll presumably get packets that have Ethernet headers - although you should probably check the value returned by pcap_datalink() whenever you do any pcap_open call, including pcap_open_offline() to read from a savefile, or when you do pcap_create()/.../pcap_activate().)

Indeed I assumed that since I have only ethernet interfaces that the link-type for any would be EN10MB. Now I know this is false on Linux when using "any".

Greets,
Andrej
-
This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
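The link-type check recommended in the quoted advice, as an added example (not code from this thread or from libpcap). The two DLT values match libpcap's definitions; l2_decode() and the sample bytes are constructed for illustration, and a real program would pass in the value returned by pcap_datalink().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Link-layer header type values as defined by libpcap (pcap/dlt.h). */
#define DLT_EN10MB     1    /* Ethernet */
#define DLT_LINUX_SLL  113  /* Linux "cooked" capture, used by the "any" device */

/* Hypothetical helper: given the value pcap_datalink() returned for the
 * handle, find the network-layer protocol and the payload offset.
 * Returns 0 on success, -1 for an unhandled link type or a short packet. */
int l2_decode(int dlt, const uint8_t *pkt, size_t caplen,
              uint16_t *proto, size_t *payload_off)
{
    size_t proto_off, hdr_len;
    switch (dlt) {
    case DLT_EN10MB:    /* dst(6) src(6) ethertype(2) */
        proto_off = 12; hdr_len = 14; break;
    case DLT_LINUX_SLL: /* pkttype(2) hatype(2) halen(2) addr(8) proto(2) */
        proto_off = 14; hdr_len = 16; break;
    default:
        return -1;      /* refuse to guess a header layout */
    }
    if (caplen < hdr_len)
        return -1;
    *proto = (uint16_t)((pkt[proto_off] << 8) | pkt[proto_off + 1]);
    *payload_off = hdr_len;
    return 0;
}

/* Constructed sample: a cooked-capture header followed by the first
 * byte of an IPv4 header. */
static const uint8_t sample_sll[] = {
    0x00, 0x00, 0x00, 0x01, 0x00, 0x06, /* pkttype, ARPHRD_ETHER, addr len */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x00, 0x00, /* address + padding */
    0x08, 0x00,                         /* protocol: IPv4 */
    0x45
};

int main(void)
{
    uint16_t proto; size_t off;
    if (l2_decode(DLT_LINUX_SLL, sample_sll, sizeof sample_sll, &proto, &off) == 0)
        printf("as SLL:      proto=0x%04x payload@%zu\n", proto, off);
    /* Same bytes decoded under the wrong assumption (Ethernet). */
    if (l2_decode(DLT_EN10MB, sample_sll, sizeof sample_sll, &proto, &off) == 0)
        printf("as Ethernet: proto=0x%04x payload@%zu\n", proto, off);
    return 0;
}
```

Decoding the same bytes as Ethernet reads the protocol field from the padding of the cooked header, so a parser that assumes EN10MB on the "any" device never sees an IPv4 ethertype.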