Re: Security-related question

Author: Jim March
Date:  
To: Main PLUG discussion list
Subject: Re: Security-related question
Ah...OK, I think I'm getting somewhere. BUT...

According to ifconfig the interface I'm trying to monitor is:

---
wlan0     Link encap:Ethernet  HWaddr 00:14:d1:c8:b4:bf
          inet addr:10.0.1.4  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::214:d1ff:fec8:b4bf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:980 errors:0 dropped:0 overruns:0 frame:0
          TX packets:247 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:189416 (189.4 KB)  TX bytes:33908 (33.9 KB)
---


So I try:

---
jim@jim-lappy:~$ sudo tcpdump -s 0 -w file.pca 10.0.1.4
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: syntax error
jim@jim-lappy:~$
---

On Tue, Feb 22, 2011 at 9:28 AM, Matt Graham <> wrote:

> From: Jim March <>
> > jim@jim-lappy:~$ tcpdump -s 0 -w file.pcap host 127.0.0.1
> > tcpdump: no suitable device found
>
> That's the loopback interface, and will not have what you're looking for on
> it. tcpdump under Linux must be run as root unless you have the "capability"
> stuff turned on and active in your kernel, and the user you're running tcpdump
> as has the CAP_NET_RAW privilege. The error message I get is exactly the same
> when I try to run tcpdump as a non-root user.
>
> > So I ran Wireshark and it doesn't see an interface it can use.
>
> You're generally discouraged from running wireshark as a capture tool, since
> it'll only capture stuff when run as root, and wireshark is far more complex
> than tcpdump.
>
> > I think I have an Atheros mini-PCI-express I can bolt into this Dell
> > I'm using at the moment...will that help?
>
> I don't think it's hardware, but privileges that are causing the problem. Try
> running tcpdump as root, using the real IP of the VM for the "host" parameter,
> and seeing what you get.
>
> --
> Matt G / Dances With Crows
> The Crow202 Blog: http://crow202.org/wordpress/
> There is no Darkness in Eternity/But only Light too dim for us to see
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
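
A preflight check for the two things this thread turns on, the privilege needed to capture and which interface owns the address being filtered; it is an example added here and was not posted by anyone on the list. The function names and the sample ifconfig text are constructed, and it assumes Linux with /proc and net-tools-style ifconfig output.

```shell
#!/bin/sh
# Capture preflight: find the interface that owns an IPv4 address and check
# whether this process could open a raw socket (root or CAP_NET_RAW).

# Constructed sample, modelled on net-tools ifconfig output.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:5e:00:53:01
          UP BROADCAST MULTICAST  MTU:1500  Metric:1

wlan0     Link encap:Ethernet  HWaddr 00:00:5e:00:53:02
          inet addr:10.0.1.4  Bcast:10.0.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# iface_for_ip IP: read ifconfig text on stdin, print the owning interface.
# Accepts both "inet addr:IP" (older net-tools) and "inet IP" (newer).
iface_for_ip() {
    awk -v ip="$1" '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }
        $1 == "inet" && ($2 == ("addr:" ip) || $2 == ip) { print iface; exit }
    '
}

# has_cap_net_raw HEXMASK: true if bit 13 (CAP_NET_RAW) is set in the mask.
has_cap_net_raw() {
    [ $(( (0x$1 >> 13) & 1 )) -eq 1 ]
}

# can_capture: true for uid 0 or when CapEff carries CAP_NET_RAW. File
# capabilities set on the tcpdump binary itself are not visible here.
can_capture() {
    [ "$(id -u)" -eq 0 ] && return 0
    mask=$(awk '/^CapEff:/ { print $2 }' /proc/self/status 2>/dev/null)
    [ -n "$mask" ] && has_cap_net_raw "$mask"
}

# capture_cmd IP OUTFILE: ifconfig text on stdin, tcpdump command on stdout.
capture_cmd() {
    iface=$(iface_for_ip "$1")
    [ -n "$iface" ] || { echo "no interface has $1" >&2; return 1; }
    printf 'tcpdump -i %s -s 0 -w %s host %s\n' "$iface" "$2" "$1"
}

printf '%s\n' "$SAMPLE_IFCONFIG" | capture_cmd 10.0.1.4 file.pcap
can_capture || echo "not root and no CAP_NET_RAW: run the capture via sudo" >&2
```

On a live system, pipe the real `ifconfig` output into `capture_cmd` instead of the sample text.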
