tcpdump problem
Hello,

I am working on PPPoE. I use FreeBSD 5.3. I want to capture packets from the interfaces eth and ppp. I used for that this command:

    tcpdump -e -i rl0 -n -s0 -w /home/dump_eth

When I analyse the packets with ethereal, I have all details, but when I read the content of the file dump_eth with the command tcpdump -r dump_zth, I haven't the whole packet; that means I obtain all the information but I don't obtain the data. Have you some idea? I want to have the content of the packets in hexa to use it in my work. Can you help me please?

Many thanks,
Souha

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: tcpdump problem
You do not have all the details with ethereal. That's because you are *telling* tcpdump not to sniff them. You are instructing it to take just the headers with the '-s' switch (zero payload: -s0). Try 1500 instead of 0 and you will get what you desire.

-- Peter

--- bannour souha [EMAIL PROTECTED] wrote:

> Hello,
>
> I am working on PPPoE. I use FreeBSD 5.3. I want to capture packets from the interfaces eth and ppp. I used for that this command:
>
>     tcpdump -e -i rl0 -n -s0 -w /home/dump_eth
>
> When I analyse the packets with ethereal, I have all details, but when I read the content of the file dump_eth with the command tcpdump -r dump_zth, I haven't the whole packet; that means I obtain all the information but I don't obtain the data. Have you some idea? I want to have the content of the packets in hexa to use it in my work. Can you help me please?
>
> Many thanks,
> Souha
Re: tcpdump problem
I tried using -XX and -s1500 as advised by Peter, but the problem persists: I have the content of the PPP Compressed packets, but I haven't the content of the RTP packets not compressed. My work consists of compressing a video stream before sending it, and I capture the packets to analyse them. So, I want to have the compressed and not compressed packets details, but I have only the content of the compressed packets in hexa :(

Souha

--- Gregory Nou [EMAIL PROTECTED] wrote:

> bannour souha wrote:
>
> > Hello,
> >
> > I am working on PPPoE. I use FreeBSD 5.3. I want to capture packets from the interfaces eth and ppp. I used for that this command:
> >
> >     tcpdump -e -i rl0 -n -s0 -w /home/dump_eth
> >
> > When I analyse the packets with ethereal, I have all details, but when I read the content of the file dump_eth with the command tcpdump -r dump_zth, I haven't the whole packet; that means I obtain all the information but I don't obtain the data. Have you some idea? I want to have the content of the packets in hexa to use it in my work. Can you help me please?
> >
> > Many thanks,
> > Souha
>
> Look at the -X and -XX options in the man page. IIRC, that should do the trick.
>
> --
> Gregory
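Added example, not part of the thread: a file written with -w stores the snapshot length in its header and, for every packet, both the number of bytes saved and the number of bytes that were on the wire, so the file itself shows whether payload was cut off at capture time. The parser below reads the classic pcap layout; the sample capture, its frames and the helper names are constructed for illustration.

```python
import struct

# Classic pcap magic as it appears on disk -> struct byte-order prefix.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def inspect_pcap(data):
    """Return (snaplen, [(index, caplen, origlen, hex_of_captured_bytes)])."""
    if len(data) < 24 or data[:4] not in MAGIC:
        raise ValueError("not a classic microsecond pcap file")
    order = MAGIC[data[:4]]
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    snaplen = struct.unpack(order + "IHHiIII", data[:24])[5]
    packets, off = [], 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, bytes saved in file, bytes on the wire
        _, _, caplen, origlen = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            raise ValueError("record %d runs past end of file" % len(packets))
        packets.append((len(packets), caplen, origlen, data[off:off + caplen].hex()))
        off += caplen
    return snaplen, packets

def truncated(packets):
    """Indexes of packets whose payload was cut at capture time."""
    return [i for i, caplen, origlen, _ in packets if caplen < origlen]

def build_sample(snaplen, frames):
    """Constructed capture: what a writer with this snaplen would store."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("<IIII", n, 0, len(kept), len(frame)) + kept
    return out

if __name__ == "__main__":
    frames = [bytes(range(60)), bytes(200)]  # constructed frames, not real traffic
    for snap in (68, 1500):
        snaplen, pkts = inspect_pcap(build_sample(snap, frames))
        print("snaplen", snaplen, "truncated packets:", truncated(pkts))
        for i, caplen, origlen, hexdata in pkts:
            print("  #%d captured %d of %d bytes: %s..." % (i, caplen, origlen, hexdata[:32]))
```

A packet reported as truncated cannot be recovered with read-time options such as -X or -XX; it has to be captured again with a larger snapshot length.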
tcpdump problem
I am running FreeBSD 3.4 with the GENERIC kernel which has the line

    pseudo-device bpfilter 1

uncommented in the config. I also re-built and re-installed GENERIC just to be sure. /dev/bpf0 has rw permissions for the owner (root). There are no other bpf devices in /dev.

When I su to root and run tcpdump, I get the message

    tcpdump: /dev/bpf1: No such file or directory.

Can anyone help?

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: tcpdump problem
On Jan 8 Brendan Kosowski wrote:

> I am running FreeBSD 3.4 with the GENERIC kernel which has the line
>
>     pseudo-device bpfilter 1
>
> uncommented in the config. I also re-built and re-installed GENERIC just to be sure. /dev/bpf0 has rw permissions for the owner (root). There are no other bpf devices in /dev.
>
> When I su to root and run tcpdump, I get the message
>
>     tcpdump: /dev/bpf1: No such file or directory.
>
> Can anyone help?

Maybe /dev/bpf0 is already in use by another process. The simplest solution is to rebuild the kernel with an increased number of devices, like `pseudo-device bpfilter 4'.

-andrew
Re: tcpdump problem
On Wed, 8 Jan 2003, Brendan Kosowski wrote:

> I am running FreeBSD 3.4 with the GENERIC kernel which has the line
>
>     pseudo-device bpfilter 1
>
> uncommented in the config. I also re-built and re-installed GENERIC just to be sure. /dev/bpf0 has rw permissions for the owner (root). There are no other bpf devices in /dev.
>
> When I su to root and run tcpdump, I get the message
>
>     tcpdump: /dev/bpf1: No such file or directory.

Someone else is using bpf0 (dhcp perhaps?), so tcpdump tries to open bpf1. You only have one bpf in the kernel, so you're out of luck and you'll have to recompile the kernel.

Change pseudo-device bpfilter 1 to pseudo-device bpfilter 4, rebuild and reinstall the kernel. Then (or while you're rebuilding the kernel), go to /dev/ and do './MAKEDEV bpf1' (and 2 and 3). After the reboot, it should work fine.

Fer

PS: why are you using such an old version? Unless you have a very good reason, you should upgrade.

> Can anyone help?
Re: tcpdump problem
Thanks,

pseudo-device bpfilter 2 in the kernel and making /dev/bpf1 fixed my problem.

I am running the dhcp server, so that explains why I could not use /dev/bpf0.

Cheers...

P.S. - I prefer not to upgrade my O.S. because down time is out of the question. Instead, I upgrade my server progs now and then (from the latest source code if possible).

On Tue, 7 Jan 2003, Fernando Gleiser wrote:

> On Wed, 8 Jan 2003, Brendan Kosowski wrote:
>
> > I am running FreeBSD 3.4 with the GENERIC kernel which has the line
> >
> >     pseudo-device bpfilter 1
> >
> > uncommented in the config. I also re-built and re-installed GENERIC just to be sure. /dev/bpf0 has rw permissions for the owner (root). There are no other bpf devices in /dev.
> >
> > When I su to root and run tcpdump, I get the message
> >
> >     tcpdump: /dev/bpf1: No such file or directory.
>
> Someone else is using bpf0 (dhcp perhaps?), so tcpdump tries to open bpf1. You only have one bpf in the kernel, so you're out of luck and you'll have to recompile the kernel.
>
> Change pseudo-device bpfilter 1 to pseudo-device bpfilter 4, rebuild and reinstall the kernel. Then (or while you're rebuilding the kernel), go to /dev/ and do './MAKEDEV bpf1' (and 2 and 3). After the reboot, it should work fine.
>
> Fer
>
> PS: why are you using such an old version? Unless you have a very good reason, you should upgrade.
>
> > Can anyone help?
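Added example, not part of the thread: a small model of the device probing the replies describe, where a busy /dev/bpf0 makes the capture program move on to /dev/bpf1 and the error then names the first unit that is missing. The function names, the `opener` parameter and the fake device table are assumptions made for illustration and run without touching the real /dev.

```python
import errno
import os

def open_first_free_bpf(opener=os.open, max_units=256):
    """Probe /dev/bpf0, /dev/bpf1, ... and return (path, fd) for the first
    unit that opens. A busy unit is skipped; any other error stops the
    search and is raised with the name of the unit that failed."""
    path = None
    for unit in range(max_units):
        path = "/dev/bpf%d" % unit
        try:
            return path, opener(path, os.O_RDONLY)
        except OSError as exc:
            if exc.errno != errno.EBUSY:
                raise OSError(exc.errno, os.strerror(exc.errno), path)
    raise OSError(errno.EBUSY, os.strerror(errno.EBUSY), path)

def fake_dev(nodes):
    """Constructed stand-in for /dev: nodes maps a path to 'busy' or 'free'."""
    def opener(path, flags):
        state = nodes.get(path)
        if state is None:   # device node was never created with MAKEDEV
            raise OSError(errno.ENOENT, os.strerror(errno.ENOENT), path)
        if state == "busy":  # another process (e.g. a DHCP server) holds it
            raise OSError(errno.EBUSY, os.strerror(errno.EBUSY), path)
        return 3             # placeholder descriptor number
    return opener

def describe(nodes):
    """Outcome of probing the given fake /dev, as a one-line message."""
    try:
        path, _ = open_first_free_bpf(fake_dev(nodes))
        return "opened " + path
    except OSError as exc:
        return "%s: %s" % (exc.filename, exc.strerror)

if __name__ == "__main__":
    # One node, held by another process: the situation in the original report.
    print(describe({"/dev/bpf0": "busy"}))
    # After adding a second unit and creating its node.
    print(describe({"/dev/bpf0": "busy", "/dev/bpf1": "free"}))
```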