Security-related question

[Jim March]

Sigh.

I've looked the manual over for tcpdump:

http://www.tcpdump.org/tcpdump_man.html

I've tried the commands:

---
jim at jim-lappy:~$ sudo tcpdump -s 0 -w -i file.pca host 10.0.1.4
[sudo] password for jim:
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: syntax error
jim at jim-lappy:~$ sudo tcpdump -s 0 -w -i any file.pca host 10.0.1.4
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: syntax error
jim at jim-lappy:~$ sudo tcpdump -s 0 -w -i any file.pca
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: syntax error
jim at jim-lappy:~$
---

The man page doesn't give enough examples to tell me how to do this.
Dangit...any idea what the exact syntax might be?

WAIT, nevermind, on a hunch I tried using Wireshark with sudo.  Bingo.
Would have been nice to know...sigh.

Jim

On Tue, Feb 22, 2011 at 12:15 PM, Matt Graham <danceswithcrows at usa.net>wrote:

> From: Jim March <1.jim.march at gmail.com>
> > jim at jim-lappy:~$ sudo tcpdump -s 0 -w file.pca host 10.0.1.4
> > tcpdump: WARNING: eth0: no IPv4 address assigned
> > tcpdump: listening on eth0, link-type EN10MB (Ethernet)
> >
> > This comes closer, but...it's still listening on eth0.
> > How do I point it to wlan0?
>
> The Fine Manual for tcpdump suggests the -i option.  tcpdump goes to the
> lowest-numbered interface by default, which is sensible, but is not always
> what you want.
>
> --
> Matt G / Dances With Crows
> The Crow202 Blog:  http://crow202.org/wordpress/
> There is no Darkness in Eternity/But only Light too dim for us to see
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110222/5d47cf97/attachment.html>