Package: ngrep
Version: 1.45.ds2-6
Severity: important
hi!
when trying to dump traffic on "any" interface, here
is what I get from ngrep.
galador:/home/cco/ngrep-1.45.ds2# ngrep -d any
interface: any
fatal: unsupported interface type 113
same error happens when I try to read pcap files
that were captured using the "any" interface under linux.
I had a look at the debian conf/building rules. basically
what happens is that ./configure is called using:
--with-pcap-includes=/usr/include
which results in:
checking for DLT_LINUX_SLL in bpf.h... no
which in its turn seems to turn off:
HAVE_DLT_LINUX_SLL.
now, a quick look at the code (ngrep.c, line 531) reveals:
switch(pcap_datalink(pd)) {
case DLT_EN10MB:
link_offset = ETHHDR_SIZE;
break;
case DLT_IEEE802:
link_offset = TOKENRING_SIZE;
break;
case DLT_FDDI:
link_offset = FDDIHDR_SIZE;
break;
case DLT_SLIP:
link_offset = SLIPHDR_SIZE;
break;
case DLT_PPP:
link_offset = PPPHDR_SIZE;
break;
#if HAVE_DLT_LOOP
case DLT_LOOP:
#endif
case DLT_NULL:
link_offset = LOOPHDR_SIZE;
break;
#if HAVE_DLT_RAW
case DLT_RAW:
link_offset = RAWHDR_SIZE;
break;
#endif
#if HAVE_DLT_LINUX_SLL
case DLT_LINUX_SLL:
link_offset = ISDNHDR_SIZE;
break;
#endif
#if HAVE_DLT_IEEE802_11_RADIO
case DLT_IEEE802_11_RADIO:
radiotap_present = 1;
#endif
#if HAVE_DLT_IEEE802_11
case DLT_IEEE802_11:
link_offset = IEEE80211HDR_SIZE;
break;
#endif
default:
fprintf(stderr, "fatal: unsupported interface type %u\n",
pcap_datalink(pd));
clean_exit(-1);
}
so, when HAVE_DLT_LINUX_SLL is not defined, the interface type
DLT_LINUX_SLL is not taken into account, resulting in the error above.
using:
--with-pcap-includes=/usr/include/pcap re
for configure seems to turn HAVE_DLT_LINUX_SLL on:
checking for DLT_LINUX_SLL in bpf.h... yes
c...@galador:~/ngrep-1.45.ds2$ grep HAVE_DLT_LINUX_SLL *.h
config.h:#define HAVE_DLT_LINUX_SLL 1
I have not checked whether this really solves the problem though.
please investigate further.
bye now!
cristian
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30.2amd64-galador (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages ngrep depends on:
ii libc6 2.9-23 GNU C Library: Shared libraries
ii libnet1 1.1.4-2 library for the construction and h
ii libpcap0.8 1.0.0-4 system interface for user-level pa
ii libpcre3 7.8-2 Perl 5 Compatible Regular Expressi
ngrep recommends no packages.
ngrep suggests no packages.
-- debconf-show failed
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
