On Wed, Dec 25, 2002 at 05:29:07PM -0500, Antonio I. wrote:
> Gharris, first of all, thanks for your answer. I don't know what you
> mean by "if you are running it by yourself". I suppose you don't mean
> the super user account,
What I mean is "are you running it under a normal user's account, or are
you running it as the super-user"?
> which I always am. I am always root.
I.e., you took the effort to turn on the super-user account, and you
always log in as the super-user? (So that the "id" command reports
"uid=0(root)" - and doesn't report something other than 0 as the EUID?)
OK, although *I* don't do that - I like to run as little stuff as root
as possible.
> (Don't even
> think about it I am behind a firewall). What you are saying is that I do
> not have permission to open the bpf devices.
No, what I am saying is that if you aren't running as root you probably
won't have permission to open the BPF devices.
> But how could I not? I
> think you are aiming at the answer but I don't think that this is
> exactly it. Maybe there is something else (maybe there is something
> wrong with the bpf device files from Apple).
Maybe, but I suspect there's something else wrong - probably something
wrong that's not Apple's fault.
> Let me ask you, what system are you using?
When I typed the commands and entered my original reply, I was using
MacOS X 10.1. I am currently using FreeBSD 3.4, although my iBook is
also plugged into my home network and running.
> When you first went on to use tcpdump, what did you do to
> get it working?
I typed
    sudo tcpdump
and then, when the MacOS X tcpdump annoyingly selected my inactive
Airport card rather than my active Ethernet interface, typed
    sudo tcpdump -i en0
instead.
(That was the tcpdump that comes with MacOS X; I just now compiled
libpcap 0.7.1 and tcpdump 3.7.1, and it selects en0 by default.)
> Did something similar happen to you?
No, I had no problems whatsoever (other than having to tell the MacOS X
tcpdump to use en0 rather than en1) - it certainly didn't tell me that
it didn't find any devices.
I'd suggest you do
    ifconfig -a
to get a list of the network devices, and then try running tcpdump with
the "-i" flag specifying the interface that's plugged into your LAN, for
example if that's "en0", do
    sudo tcpdump -i en0
(or, if you really *are* logged in as root, just "tcpdump -i en0").
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
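The permission question discussed in this thread, as an added example that is not part of the original message or of tcpdump: a shell check that reads `ls -ln /dev/bpf*` output and reports whether a given uid and group list could open each BPF device for reading. The function names `bpf_readable` and `bpf_report` are hypothetical, the sample listing is constructed, and only the classic owner/group/other mode bits are considered.

```shell
# Added example, not from the original message: decide from `ls -ln`
# output whether a user could open each BPF device for reading.

# bpf_readable UID "GID LIST" "one line of ls -ln output"
# Returns 0 if the owner/group/other mode bits allow reading (ACLs ignored).
bpf_readable() {
    br_uid=$1; br_gids=$2
    set -f                      # no globbing while splitting the ls line
    set -- $3                   # fields: mode links owner-uid owner-gid ...
    set +f
    br_mode=$1; br_owner=$3; br_group=$4
    if [ "$br_uid" -eq 0 ]; then return 0; fi   # root bypasses mode bits
    br_col=8                                    # default: "other" read bit
    if [ "$br_uid" -eq "$br_owner" ]; then
        br_col=2                                # owner read bit
    else
        for br_g in $br_gids; do
            if [ "$br_g" -eq "$br_group" ]; then br_col=5; fi  # group read bit
        done
    fi
    [ "$(printf '%s' "$br_mode" | cut -c"$br_col")" = "r" ]
}

# bpf_report UID "GID LIST" < lines of ls -ln output
# Prints a verdict per device; returns 0 only if at least one is readable.
bpf_report() {
    rp_ok=1
    while IFS= read -r rp_line; do
        [ -n "$rp_line" ] || continue
        rp_dev=${rp_line##* }                   # last field is the device path
        if bpf_readable "$1" "$2" "$rp_line"; then
            echo "$rp_dev: readable"; rp_ok=0
        else
            echo "$rp_dev: permission denied"
        fi
    done
    return "$rp_ok"
}

# Constructed sample of `ls -ln /dev/bpf*` output (not from a real system).
SAMPLE='crw-------  1 0  0   23,   0 Dec 25 17:29 /dev/bpf0
crw-r-----  1 0  80  23,   1 Dec 25 17:29 /dev/bpf1'

echo "uid 501, groups 20:";    printf '%s\n' "$SAMPLE" | bpf_report 501 "20"    || true
echo "uid 501, groups 20 80:"; printf '%s\n' "$SAMPLE" | bpf_report 501 "20 80" || true
echo "uid 0:";                 printf '%s\n' "$SAMPLE" | bpf_report 0 "0"
# On a live system: ls -ln /dev/bpf* | bpf_report "$(id -u)" "$(id -G)"
```

A non-zero return from `bpf_report` for your own `id -u` and `id -G` values means the capture has to run via sudo or as root, as suggested above.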