On 12/29/2011 02:09 AM, Mick wrote:
On Thursday 29 Dec 2011 07:10:19 Lubos Kolouch wrote:
walt, Wed, 28 Dec 2011 17:01:59 -0800:
Sometime in the last month or so (when I wasn't looking) my ~x86 and
~amd64 machines quit working when I try to run wireshark or tcpdump,
etc, but I don't know exactly when or why. (My amd64 machine still
sniffs packets normally.)
I get this same error from any packet sniffing app:
Can't open netlink socket 93:Protocol not supported
Strace shows that this is the failing system call:
socket(PF_NETLINK, SOCK_RAW, 12) = -1 EPROTONOSUPPORT (Protocol not
supported)
That makes me think of some missing kernel config that may have been
added or modified in recent kernels, so I tried gentoo-sources-3.0.6
(same as my working amd64 machine) with no joy. Same error message.
Have I missed some important gentoo bulletin about networking recently?
Anyone have working packet sniffing on ~arch?
Hi,
If I remember correctly, I needed to set
Networking support -> Networking options -> Network packet filtering
framework (Netfilter) -> Core Netfilter Configuration -> Netfilter
connection tracking support
It has been a while though, so it may be another option in the
netfilter config - just try it :)
Lubos
tcpdump-3.9.8-r1 and kernel-3.0.6-gentoo works fine here with no errors.
Thanks guys. I enabled all of the netfilter stuff as modules, then ran
tcpdump. Turns out that tcpdump loaded only the 'nfnetlink' module, which
makes good sense given my original 'NETLINK' error message.
This change appears to be somewhere in userland, though, not in the kernel
per se. I copied the kernel .config file from my working amd64 machine
to the 'broken' ~amd64 machine and recompiled the kernel.
No improvement. I had to enable the nfnetlink module to make packet sniffing
work again. I suppose one of the networking packages changed in a recent ~arch
update.
