why does "tcpdump -i any" not work on opensuse?

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

why does "tcpdump -i any" not work on opensuse?

Low Kian Seong-4
Hi all,

Does anyone know why 'tcpdump -i any' ends up in something like this:

tcpdump: SIOCGIFHWADDR: No such device

The command works fine in fedora with the same version of libpcap and tcpdump.

Thanks in advance.
--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

Per Jessen-2
Low Kian Seong wrote:

> Hi all,
>
> Does anyone know why 'tcpdump -i any' ends up in something like this:
>
> tcpdump: SIOCGIFHWADDR: No such device
>
> The command works fine in fedora with the same version of libpcap and
> tcpdump.

I've just tried it on my openSUSE 10.3 - works fine:

# tcpdump -n -i any port 45
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96
bytes

However, on 11.1 it doesn't work.  I think perhaps you should write a
bugreport.


/Per

--
Per Jessen, Zürich (-0.25°C)

--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

Low Kian Seong-4
On Mon, Feb 2, 2009 at 5:28 PM, Per Jessen <[hidden email]> wrote:

> Low Kian Seong wrote:
>
>> Hi all,
>>
>> Does anyone know why 'tcpdump -i any' ends up in something like this:
>>
>> tcpdump: SIOCGIFHWADDR: No such device
>>
>> The command works fine in fedora with the same version of libpcap and
>> tcpdump.
>
> I've just tried it on my openSUSE 10.3 - works fine:

Ah yes. It works on 11.0 too. Just tested in on my remote boxen.

>
> # tcpdump -n -i any port 45
> tcpdump: WARNING: Promiscuous mode not supported on the "any" device
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 96
> bytes
>
> However, on 11.1 it doesn't work.  I think perhaps you should write a
> bugreport.
>
>
> /Per
>
> --
> Per Jessen, Zürich (-0.25°C)
>
> --
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

Low Kian Seong-4
In reply to this post by Per Jessen-2
On Mon, Feb 2, 2009 at 5:28 PM, Per Jessen <[hidden email]> wrote:
> Low Kian Seong wrote:
>
>> Hi all,
>>
>> Does anyone know why 'tcpdump -i any' ends up in something like this:
>>
>> tcpdump: SIOCGIFHWADDR: No such device

Could some running 11.1 confirm this? Thanks.

>>
>> The command works fine in fedora with the same version of libpcap and
>> tcpdump.
>
> I've just tried it on my openSUSE 10.3 - works fine:
>
> # tcpdump -n -i any port 45
> tcpdump: WARNING: Promiscuous mode not supported on the "any" device
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 96
> bytes
>
> However, on 11.1 it doesn't work.  I think perhaps you should write a
> bugreport.
>
>
> /Per
>
> --
> Per Jessen, Zürich (-0.25°C)
>
> --
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

Randall Schulz
In reply to this post by Low Kian Seong-4
On Sunday February 1 2009, Low Kian Seong wrote:

> Hi all,
>
> Does anyone know why 'tcpdump -i any' ends up in something like this:
>
> tcpdump: SIOCGIFHWADDR: No such device
>
> The command works fine in fedora with the same version of libpcap and
> tcpdump.
>
> Thanks in advance.

Without really knowing what I'm doing (tcpdump isn't in my repertoire),
I get precisely the same result on my openSUSE 11.1 installation:

% tcpdump -i any
tcpdump: SIOCGIFHWADDR: No such device


However, if I use an explicit interface, it seems to work:

% tcpdump -a eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
08:27:55.348995 IP smiley.19150 > twain.33852: P 420542334:420542637(303) ack 3361969049 win 46 <nop,nop,timestamp
624826351 235307519>
08:27:55.349037 IP twain.33852 > smiley.19150: . ack 303 win 1002 <nop,nop,timestamp 235307568 624826351>
08:27:55.548955 IP smiley.19150 > twain.33852: P 303:412(109) ack 1 win 46 <nop,nop,timestamp 624826401 235307568>
08:27:55.549016 IP twain.33852 > smiley.19150: . ack 412 win 1002 <nop,nop,timestamp 235307618 624826401>
...


Perhaps the problem with "any" is the extra VMware interfaces on my
system?

% ifconfig |egrep -v '^ |^$'
eth0      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
lo        Link encap:Local Loopback
vmnet1    Link encap:Ethernet  HWaddr 00:50:56:C0:00:01
vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08


Randall Schulz
--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

Randall Schulz
On Monday February 2 2009, Randall R Schulz wrote:
> ...
>
> However, if I use an explicit interface, it seems to work:
>
> % tcpdump -a eth0

I didn't actually use "-a", I used "-i" and made a typo in the email.


> ...


RRS

--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

Pete Connolly
In reply to this post by Low Kian Seong-4
On Monday 02 Feb 2009 16:17:51 Low Kian Seong wrote:

> On Mon, Feb 2, 2009 at 5:28 PM, Per Jessen <[hidden email]> wrote:
> > Low Kian Seong wrote:
> >> Hi all,
> >>
> >> Does anyone know why 'tcpdump -i any' ends up in something like this:
> >>
> >> tcpdump: SIOCGIFHWADDR: No such device
>
> Could some running 11.1 confirm this? Thanks.
>
Same here on 11.1 patched this morning:

tcpdump -i any
tcpdump: SIOCGIFHWADDR: No such device

Cheers

Pete

--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

Per Jessen-2
In reply to this post by Low Kian Seong-4
Low Kian Seong wrote:

> On Mon, Feb 2, 2009 at 5:28 PM, Per Jessen <[hidden email]> wrote:
>> Low Kian Seong wrote:
>>
>>> Hi all,
>>>
>>> Does anyone know why 'tcpdump -i any' ends up in something like
>>> this:
>>>
>>> tcpdump: SIOCGIFHWADDR: No such device
>
> Could some running 11.1 confirm this? Thanks.
>

I already did in my earlier post.



--
Per Jessen, Zürich (0.18°C)

--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

Randall Schulz
In reply to this post by Randall Schulz
On Monday February 2 2009, Randall R Schulz wrote:

> ...
>
>
> Perhaps the problem with "any" is the extra VMware interfaces on my
> system?
>
> % ifconfig |egrep -v '^ |^$'
> eth0      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
> lo        Link encap:Local Loopback
> vmnet1    Link encap:Ethernet  HWaddr 00:50:56:C0:00:01
> vmnet8    Link encap:Ethernet  HWaddr 00:50:56:C0:00:08


I tried one other thing, each of the other interfaces explicitly and
individually. Check it out:

% tcpdump -i vmnet1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmnet1, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

% tcpdump -i vmnet8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmnet8, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

% tcpdump -i lo0
tcpdump: SIOCGIFHWADDR: No such device


(The VMware wasn't running at the time I did this, so no traffic was
captured.)

So I suppose if when using "any" the first thing tcpdump happened to try
was "lo0" it gets this error (which I decode intuitively as "Socket IO
Control Get InterFace HardWare ADDRess") and gives up. By the way,
according to the tcpdump manual page, "any" really is more like "all."


Randall Schulz
--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

auxsvr
In reply to this post by Low Kian Seong-4
On Monday 02 February 2009, Low Kian Seong wrote:
> Hi all,
>
> Does anyone know why 'tcpdump -i any' ends up in something like this:
>
> tcpdump: SIOCGIFHWADDR: No such device
>
> The command works fine in fedora with the same version of libpcap and
> tcpdump.

On opensuse 11.1:

~/ # tcpdump -i any
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes

and the capture follows. Do you use wireless interfaces? What's the output of
ip link list?

> Thanks in advance.

Regards
--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

Pavol Rusnak-2
In reply to this post by Per Jessen-2
Per Jessen wrote:

> However, on 11.1 it doesn't work.  I think perhaps you should write a
> bugreport.

There already is - so don't open the new one, just subscribe to this one:

http://bugzilla.novell.com/show_bug.cgi?id=463182

--
Best Regards / S pozdravom,

Pavol RUSNAK                                       SUSE LINUX, s.r.o
Package Maintainer                                Lihovarska 1060/12
PGP 0xA6917144                                     19000 Praha 9, CR
prusnak[at]suse.cz                                http://www.suse.cz
--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

Low Kian Seong-4
In reply to this post by auxsvr
> On opensuse 11.1:
>
> ~/ # tcpdump -i any
> tcpdump: WARNING: Promiscuous mode not supported on the "any" device
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
>
> and the capture follows. Do you use wireless interfaces? What's the output of
> ip link list?

Yes  I do use wireless. I am testing this on my laptop (Thinkpad x61)
and ip link list output is as follows:
bobot-ng:/home/lowks # ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
state DOWN qlen 1000
    link/ether 00:16:d3:3e:5f:01 brd ff:ff:ff:ff:ff:ff
3: wmaster0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UNKNOWN qlen 1000
    link/ieee802.11 00:1d:e0:84:f5:d7 brd ff:ff:ff:ff:ff:ff
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
    link/ether 00:1d:e0:84:f5:d7 brd ff:ff:ff:ff:ff:ff
5: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether e6:9d:ee:ae:41:7f brd ff:ff:ff:ff:ff:ff


>
>> Thanks in advance.
>
> Regards
> --
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: why does "tcpdump -i any" not work on opensuse?

auxsvr
On Monday 02 February 2009, Low Kian Seong wrote:

> > On opensuse 11.1:
> >
> > ~/ # tcpdump -i any
> > tcpdump: WARNING: Promiscuous mode not supported on the "any" device
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol
> > decode listening on any, link-type LINUX_SLL (Linux cooked), capture size
> > 96 bytes
> >
> > and the capture follows. Do you use wireless interfaces? What's the
> > output of ip link list?
>
> Yes  I do use wireless. I am testing this on my laptop (Thinkpad x61)
> and ip link list output is as follows:
> bobot-ng:/home/lowks # ip link list
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
> state DOWN qlen 1000
>     link/ether 00:16:d3:3e:5f:01 brd ff:ff:ff:ff:ff:ff
> 3: wmaster0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UNKNOWN qlen 1000
>     link/ieee802.11 00:1d:e0:84:f5:d7 brd ff:ff:ff:ff:ff:ff
> 4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
>     link/ether 00:1d:e0:84:f5:d7 brd ff:ff:ff:ff:ff:ff
> 5: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
>     link/ether e6:9d:ee:ae:41:7f brd ff:ff:ff:ff:ff:ff

I was using libpcap from opensuse 11, after updating to libpcap0-0.9.8-47.43 I
have exactly the same problem as you.

Regards
--
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]