Re: dumping net traffic to log file
im trying the command tcpdump -i em0 traffic.log and i get the response

tcpdump: (no devices found) /dev/bpf0: No such file or directory

im doing it as root. this is a dell poweredge 2850 and we are using the standard gigabit network cards that came onboard. here are the details on the nic

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 192.168.245.246 netmask 0xff00 broadcast 192.168.245.255
        ether 00:13:72:56:aa:ca
        media: Ethernet autoselect (100baseTX half-duplex)
        status: active

in my dev directory em0 is mapped to net1. when i try the same command with net1, i get the same thing.

Darrin Chandler wrote:
> On Mon, Jul 24, 2006 at 03:20:32PM -0400, Steel City Phantom wrote:
>> i am troubleshooting an application and am having a hell of a time with it. with bsd 6.1 is there a way where i can dump all traffic coming over the nic to a log file so i can see exactly what is coming in?
>
> tcpdump works nicely for this. :)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dumping net traffic to log file
Steel City Phantom wrote:
[ ...top posting is confusing... ]
> im trying the command tcpdump -i em0 traffic.log and i get the response
> tcpdump: (no devices found) /dev/bpf0: No such file or directory

You'll need to recompile your kernel with device bpf, although it is normally enabled in the GENERIC kernel by default.

--
-Chuck
Re: dumping net traffic to log file
Do you have the string `device bpf` in your kernel config?

2006/7/25, Steel City Phantom [EMAIL PROTECTED]:
> im trying the command tcpdump -i em0 traffic.log and i get the response
>
> tcpdump: (no devices found) /dev/bpf0: No such file or directory
>
> im doing it as root. this is a dell poweredge 2850 and we are using the standard gigabit network cards that came onboard. here are the details on the nic
>
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=b<RXCSUM,TXCSUM,VLAN_MTU>
>         inet 192.168.245.246 netmask 0xff00 broadcast 192.168.245.255
>         ether 00:13:72:56:aa:ca
>         media: Ethernet autoselect (100baseTX half-duplex)
>         status: active
>
> in my dev directory em0 is mapped to net1. when i try the same command with net1, i get the same thing.
>
> Darrin Chandler wrote:
>> On Mon, Jul 24, 2006 at 03:20:32PM -0400, Steel City Phantom wrote:
>>> i am troubleshooting an application and am having a hell of a time with it. with bsd 6.1 is there a way where i can dump all traffic coming over the nic to a log file so i can see exactly what is coming in?
>>
>> tcpdump works nicely for this. :)

--
Alexey Karguine
Re: dumping net traffic to log file
Great, im making good progress here. it seems like tcpdump only captures the headers, is there a way to capture the entire packet, data and all?

thanks guys

Chuck Swiger wrote:
> Steel City Phantom wrote:
> [ ...top posting is confusing... ]
>> im trying the command tcpdump -i em0 traffic.log and i get the response
>> tcpdump: (no devices found) /dev/bpf0: No such file or directory
>
> You'll need to recompile your kernel with device bpf, although it is normally enabled in the GENERIC kernel by default.
Re: dumping net traffic to log file
In the last episode (Jul 25), Steel City Phantom said:
> Great, im making good progress here. it seems like tcpdump only captures the headers, is there a way to capture the entire packet, data and all?

tcpdump only displays a packet summary by default. If you want to see the full packet data, use -X. It's better if you don't do this during capture, though, since it may cause you to drop packets. Capture to a file with the -w flag (possibly with -s0 to capture the entire packet), then view the data later with -r. See the manpage for more details.

--
Dan Nelson
[EMAIL PROTECTED]
Re: dumping net traffic to log file
Steel City Phantom wrote:
> Great, im making good progress here. it seems like tcpdump only captures the headers, is there a way to capture the entire packet, data and all?

Use -s 0.

tcpdump is closer to the equivalent of a network toolbox than merely a swiss army knife, but you may find that dumping to a file and reading that file from another process does better (via -i -o flags), especially under higher traffic volume.

--
-Chuck
Re: dumping net traffic to log file
Chuck Swiger wrote:
[ ...stuff about tcpdump options... ]
> (via -i -o flags)

Sorry, I was thinking of something else-- tcpdump uses -r -w.

--
-Chuck
Re: dumping net traffic to log file
On Tue, Jul 25, 2006 at 01:39:49PM -0400, Steel City Phantom wrote:
> Great, im making good progress here. it seems like tcpdump only captures the headers, is there a way to capture the entire packet, data and all?

In addition to the other fine answers you got, after you've written to a file with -w and are later reading it with -r you can raise the snaplength with -s to view a bit more without seeing the whole packet. Often that's a nice way to narrow things down when you don't yet know exactly what you're looking for.

Also, you will want to get familiar with filter expressions, which may appear at the end of the tcpdump command:

    tcpdump ... host 192.168.10.100 and port 999

would only show traffic for port 999 to or from 192.168.10.11, for instance.

--
Darrin Chandler            |  Phoenix BSD Users Group
[EMAIL PROTECTED]          |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
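Added example, not part of any message in this thread: a check that a file written with -w holds whole packets, done by reading the snaplen from the pcap file header and comparing each record's captured length with its original on-the-wire length. It assumes the classic libpcap file format; the function names and the sample capture bytes are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps


def build_sample_pcap(snaplen, packet_sizes):
    """Constructed sample: pcap bytes whose packets are cut off at snaplen."""
    # File header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for i, size in enumerate(packet_sizes):
        captured = min(size, snaplen)
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1000 + i, 0, captured, size)
        out += bytes(captured)  # zero-filled placeholder frame
    return out


def audit_pcap(data):
    """Return (snaplen, [(index, captured_len, original_len), ...]) listing truncated packets."""
    if len(data) < 24:
        raise ValueError("too short for a pcap file header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic, written on a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    truncated, offset, index = [], 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("file ends inside a record header")
        _sec, _usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("file ends inside packet data")
        if incl_len < orig_len:  # payload bytes beyond incl_len were never stored
            truncated.append((index, incl_len, orig_len))
        offset += incl_len
        index += 1
    return snaplen, truncated


if __name__ == "__main__":
    for snaplen in (68, 65535):  # a short snaplen, then one larger than any frame here
        print(audit_pcap(build_sample_pcap(snaplen, [60, 1514, 342])))
```

To audit a real capture, pass the file's bytes, for example `audit_pcap(open("traffic.pcap", "rb").read())`, where traffic.pcap is a placeholder name.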
dumping net traffic to log file
i am troubleshooting an application and am having a hell of a time with it. with bsd 6.1 is there a way where i can dump all traffic coming over the nic to a log file so i can see exactly what is coming in?

thanks
Re: dumping net traffic to log file
On Mon, Jul 24, 2006 at 03:20:32PM -0400, Steel City Phantom wrote:
> i am troubleshooting an application and am having a hell of a time with it. with bsd 6.1 is there a way where i can dump all traffic coming over the nic to a log file so i can see exactly what is coming in?

tcpdump works nicely for this. :)

--
Darrin Chandler            |  Phoenix BSD Users Group
[EMAIL PROTECTED]          |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |