Security-related question

Jim March 1.jim.march at gmail.com
Tue Feb 22 09:35:51 MST 2011


Ah...OK, I think I'm getting somewhere.  BUT...

According to ifconfig the interface I'm trying to monitor is:

---
wlan0     Link encap:Ethernet  HWaddr 00:14:d1:c8:b4:bf
          inet addr:10.0.1.4  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::214:d1ff:fec8:b4bf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:980 errors:0 dropped:0 overruns:0 frame:0
          TX packets:247 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:189416 (189.4 KB)  TX bytes:33908 (33.9 KB)
---

So I try:

---
jim at jim-lappy:~$ sudo tcpdump -s 0 -w file.pca 10.0.1.4
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: syntax error
jim at jim-lappy:~$
---

On Tue, Feb 22, 2011 at 9:28 AM, Matt Graham <danceswithcrows at usa.net> wrote:

> From: Jim March <1.jim.march at gmail.com>
> > jim at jim-lappy:~$ tcpdump -s 0 -w file.pcap host 127.0.0.1
> > tcpdump: no suitable device found
>
> That's the loopback interface, and will not have what you're looking for on
> it.  tcpdump under Linux must be run as root unless you have the
> "capability" stuff turned on and active in your kernel, and the user you're
> running tcpdump as has the CAP_NET_RAW privilege.  The error message I get
> is exactly the same when I try to run tcpdump as a non-root user.
>
> > So I ran Wireshark and it doesn't see an interface it can use.
>
> You're generally discouraged from running wireshark as a capture tool,
> since it'll only capture stuff when run as root, and wireshark is far more
> complex than tcpdump.
>
> > I think I have an Atheros mini-PCI-express I can bolt into this Dell
> > I'm using at the moment...will that help?
>
> I don't think it's hardware, but privileges that are causing the problem.
> Try running tcpdump as root, using the real IP of the VM for the "host"
> parameter, and seeing what you get.
>
> --
> Matt G / Dances With Crows
> The Crow202 Blog:  http://crow202.org/wordpress/
> There is no Darkness in Eternity/But only Light too dim for us to see
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
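
Added example, not part of either message: a pre-flight script for the two points raised in the thread. It finds which interface holds the address (the warning in the session shows tcpdump defaulted to eth0), builds a command that uses `-i` and the `host` primitive from Matt's reply, and checks for root or CAP_NET_RAW. The function names and the eth0 stanza in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before a tcpdump capture.

# Constructed sample in the ifconfig format quoted in the post; the eth0
# stanza and its HWaddr are made up, the wlan0 lines are trimmed from the post.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          UP BROADCAST MULTICAST  MTU:1500  Metric:1

wlan0     Link encap:Ethernet  HWaddr 00:14:d1:c8:b4:bf
          inet addr:10.0.1.4  Bcast:10.0.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Print the interface whose stanza carries the IPv4 address $1.
# stdin = ifconfig text. Prints nothing when no interface holds the address.
iface_for_ip() {
    awk -v ip="$1" '
        NF && $0 !~ /^ / { ifname = $1 }   # unindented line opens a stanza
        index($0, "inet addr:" ip " ") { print ifname; exit }
    '
}

# Succeed when the CapEff mask in a /proc/<pid>/status dump (stdin) has
# CAP_NET_RAW set. CAP_NET_RAW is capability number 13 on Linux.
has_cap_net_raw() {
    mask=$(awk '/^CapEff:/ { print $2 }')
    [ -n "$mask" ] && [ $(( (0x$mask >> 13) & 1 )) -eq 1 ]
}

# Print a tcpdump command line that names the interface and uses "host".
# $1 = IPv4 address, $2 = output file, stdin = ifconfig text.
capture_cmd() {
    ifname=$(iface_for_ip "$1")
    [ -n "$ifname" ] || { echo "no interface holds $1" >&2; return 1; }
    printf 'tcpdump -i %s -s 0 -w %s host %s\n' "$ifname" "$2" "$1"
}

printf '%s\n' "$SAMPLE_IFCONFIG" | capture_cmd 10.0.1.4 file.pcap
if [ "$(id -u)" -eq 0 ]; then
    echo "running as root: capture allowed"
elif [ -r /proc/self/status ] && has_cap_net_raw < /proc/self/status; then
    echo "shell holds CAP_NET_RAW: capture allowed"
else
    echo "no root and no CAP_NET_RAW in this shell: run tcpdump via sudo"
fi
```

On a live system, pipe the real `ifconfig` output into `capture_cmd` instead of the sample.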