From: Jim March <1.jim.march@gmail.com>
> According to ifconfig the interface I'm trying to monitor is:
> wlan0 Link encap:Ethernet HWaddr 00:14:d1:c8:b4:bf
> inet addr:10.0.1.4 Bcast:10.0.1.255 Mask:255.255.255.0

Are you sure? That looks like the IP of the Linux box. The Doze VM you're trying to monitor will have a different IP, unless you're using bridging in virtualbox. Are you using bridging/shared networking there? That may cause things to be different. Can't tell for sure; my virtualbox setup's at home.

> jim@jim-lappy:~$ sudo tcpdump -s 0 -w file.pca 10.0.1.4
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: syntax error

Yeah, you didn't get the syntax right. Take a look at what you posted previously:

>>> jim@jim-lappy:~$ tcpdump -s 0 -w file.pcap host 127.0.0.1

..."host 127.0.0.1" means "capture all packets that have a source or destination address of 127.0.0.1". Just putting in an IP without a host/src/dst keyword won't get anything but an error.

So, try again, make sure you've got the correct IP in the host file, or if you're not sure where the VM's IP is, then you can do something like 10.0.1.0/24 and retrieve packets from the whole subnet. It's better to be as specific as possible when doing the capture, so you have as few packets you're not interested in as you can. That makes subsequent analysis easier.

--
Matt G / Dances With Crows
The Crow202 Blog: http://crow202.org/wordpress/
There is no Darkness in Eternity/But only Light too dim for us to see
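
An added example, not part of the original message: a shell helper that picks the `host` or `net` primitive discussed above and prints the complete tcpdump command. The function names and the explicit `-i wlan0` are assumptions of this example; the interface name and addresses are taken from the quoted output.

```shell
#!/bin/sh
# Added example (not from the original message).
# Helper names are hypothetical; wlan0 and 10.0.1.x come from the quoted output.

ipv4_to_int() {
    # Print the 32-bit value of a full dotted quad; fail on anything else.
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

capture_filter() {
    # Bare address -> "host A.B.C.D"; CIDR prefix -> "net A.B.C.D/N".
    case "$1" in
        */*)
            addr=${1%/*}; bits=${1#*/}
            case "$bits" in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
            [ "$bits" -le 32 ] || return 1
            ip=$(ipv4_to_int "$addr") || return 1
            # libpcap refuses a prefix with host bits set, e.g. 10.0.1.4/24.
            [ $(( $ip & ((1 << (32 - $bits)) - 1) )) -eq 0 ] || return 1
            echo "net $addr/$bits" ;;
        *)
            ipv4_to_int "$1" >/dev/null || return 1
            echo "host $1" ;;
    esac
}

capture_cmd() {
    # capture_cmd IFACE TARGET OUTFILE -> prints the tcpdump command line.
    filter=$(capture_filter "$2") || return 1
    echo "tcpdump -i $1 -s 0 -w $3 $filter"
}

capture_cmd wlan0 10.0.1.4 file.pcap       # one host
capture_cmd wlan0 10.0.1.0/24 file.pcap    # whole subnet
capture_cmd wlan0 10.0.1.4/24 file.pcap || echo "rejected: host bits set in prefix"
```

The helper only prints the command; run the result under sudo as in the quoted session.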