Problem found! :)
If you wait long enough tail will not include the file header and
tcpdump will just die.
tail -F -n +1 $my_pcap | tcpdump -nr -
And you are happy again.
Don't even think about not including -n... Depending on how many log
entries you have it will be slow.
Cheer
Hi,
I'm logging dropped packets with ulogd2 into a pcap file so that tcpdump
should be able to read it.
At some point tcpdump is not anymore able to read the file and quits
with "unknown file format".
The file command instead is printing a correct header:
/var/log/ulog/ulog
Answer from tcpdump devels:
On 1 apr 2011, at 03:49, Benimaur Gao wrote:
> The info in this one is quite little!! without request parameter,
> without http headers, and even without the essential data return by
> the server!!
[...]
> can anyone give me some clue?
> I suspect
ubThread.html?id=20162669&type=MAINTYPE&operator=H&md5Code=072fa43b87b31865e60aa6fceb24
> >
> > And the second one has been shorted somehow:
> >
> > GET /misc/ccs/deleteClubThread
> >
> > Maybe a different client request or you visited the same page?
rator=H&md5Code=072fa43b87b31865e60aa6fceb24
And the second one has been shorted somehow:
GET /misc/ccs/deleteClubThread
Maybe a different client request or you visited the same page? :-?
> I suspect that it is caused by different version of tcpdump? The dilemma
> is I'
s the first case. Why were they
discarded here?
I suspect that it is caused by different version of tcpdump? The
dilemma is I've
no permission to upgrade the software :(
>20:14:55.127121 IP 10.20.141.138.synchronet-db > 10.20.141.64.35246: P
1:363(362) >ack 213 win 54
On Thu,
On Thu, 31 Mar 2011 20:49:03 +0800, Benimaur Gao wrote:
> I've encountered a problem in using tcpdump. I tried to capture http
> traffic by using the following command:
>
> # tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and
> (((ip[2:2] -
>
Hi, all
I've encountered a problem in using tcpdump.
I tried to capture http traffic by using the following command:
# tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and (((ip[2:2] -
((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
(notes:
etty much the industry standard when it comes to ids.
also, you can either use the new snort format (which is a pita to convert to
pcap format) or you can have it log 'interesting' things to a flat file and
directly look it with tshark or tcpdump or scapy or whatever else you'd
like.
On Fri, Mar 04, 2011 at 03:30:47AM EST, Anand Sivaram wrote:
> Correct, it is wireshark now. Somehow I still remember that with the
> name ethereal :)
In ‘lenny’ at least, there's still a dummy ‘ethereal’ package.. That's
how I found the new name.. couldn't remember it. Anyway, I mentioned it
in
Correct, it is wireshark now. Somehow I still remember that with the name
ethereal :)
On Fri, Mar 4, 2011 at 10:15, Steven Ayre wrote:
> There's tshark too... (part of wireshark but commandline like tcpdump,
> filters are identical to wireshark itself).
>
> -Steve
>
>
>
There's tshark too... (part of wireshark but commandline like tcpdump, filters
are identical to wireshark itself).
-Steve
On 4 Mar 2011, at 03:11, Chris Jones wrote:
> On Thu, Mar 03, 2011 at 09:00:43AM EST, Anand Sivaram wrote:
>
>> Tcpdump and Ethereal are very similar in
On Thu, Mar 03, 2011 at 09:00:43AM EST, Anand Sivaram wrote:
> Tcpdump and Ethereal are very similar in terms of capture filters.
> They both use libpcap.
I believe they call it ‘wireshark’ these days..
cj
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subj
Can
> someone shed some light on this?
> >
>
> What kind of intrusions are you looking for? TCPDump is a packet analyzer so
> what is analyzed is based on what filters you are looking for. TCPDump uses
> the libpcap library to capture packets. You can receive the packets based on
>
> On Wed, 2 Mar 2011 22:00:41 -0600 wrote:
>
> I have it installed, and I can look up the parameters in the command.
>
> What I don't understand is how I use it to investigate intrusions. Can
> someone shed some light on this?
>
What kind of intrusions are you
I have it installed, and I can look up the parameters in the command.
What I don't understand is how I use it to investigate intrusions. Can someone
shed some light on this?
--
Jason Hsu
Hi,
I am having some connectivity issues. The arp table is not populated even if
the arp requests are successfully transferred on the wire. Which leads to
unsuccessful ping. When I add an arp entry manually, tcpdump shows replies
but not ping itself.
I have had this problem before only that was
> Date: Mon, 22 Feb 2010 07:21:30 +1100
> From: a...@samad.com.au
> To: debian-user@lists.debian.org
> Subject: Re: tcpdump?
>
> On Sun, Feb 21, 2010 at 04:55:11AM +, Hadi Motamedi wrote:
> >
> >
> >
>
> [snip]
>
> > >
> >
> Date: Sun, 21 Feb 2010 18:11:31 +
> From: tzaf...@cohens.org.il
> To: debian-user@lists.debian.org
> Subject: Re: tcpdump?
>
> On Sat, Feb 20, 2010 at 06:05:50AM +, Hadi Motamedi wrote:
> >
> > Dear All
> > I have put tcpdump trace on po
nd its arguments that the attached network element is sending to my
> Debian server on the specified port . I am seeing communication packets
> exchanged between the network element and my Debian (through opening the log
> on Wireshark) but I want to decode it and find the exact syntax
On Sat, Feb 20, 2010 at 07:19:13AM +0100, frank thyes wrote:
> On Sat, 2010-02-20 at 06:05 +, Hadi Motamedi wrote:
> > Dear All
> > I have put tcpdump trace on port 4957 on my Debian server , as the
> > following :
> > #tcpdump port 4957
> > I want to obtai
On Sat, Feb 20, 2010 at 06:05:50AM +, Hadi Motamedi wrote:
>
> Dear All
> I have put tcpdump trace on port 4957 on my Debian server , as the following :
> #tcpdump port 4957
> I want to obtain the payload data to see what is really being exchanged
> between my Debian serv
> Date: Sat, 20 Feb 2010 17:51:33 +0200
> From: brentgclarkl...@gmail.com
> To: debian-user@lists.debian.org
> Subject: Re: tcpdump?
>
> On 20/02/2010 12:48, Hadi Motamedi wrote:
> >
> > I tried for the following :
> > #tcpflow -c port 4957
> >
> Date: Sun, 21 Feb 2010 07:32:19 +1100
> From: a...@samad.com.au
> To: debian-user@lists.debian.org
> Subject: Re: tcpdump?
>
> On Sat, Feb 20, 2010 at 07:22:29AM +, Hadi Motamedi wrote:
>
> [snip]
>
> > > try wireshark
>
> [snip]
>
On Sat, Feb 20, 2010 at 07:22:29AM +, Hadi Motamedi wrote:
[snip]
> > try wireshark
[snip]
>
> I have Wireshark on my MS Windows platform . I captured the tcpdump output in
> a file and opened it in Wireshark , but I cannot find how to decode the udp
> payload data in
On 20/02/2010 12:48, Hadi Motamedi wrote:
I tried for the following :
#tcpflow -c port 4957
But it didn't produce any output . Can you please give me a hint?
K Let's start with a silly question
show us
netstat -nalptu | grep 4957
I.e. Do you actually have something listening on that por
> Date: Sat, 20 Feb 2010 11:15:33 +
> Subject: tcpdump?
> From: brianol...@gmail.com
> To: debian-user@lists.debian.org
>
> > #tcpdump port 4957
> > I want to obtain the payload data to see what is really being exchanged
> > between my Debian server and
. It seems that package is not available in Debian's
repos :-?
Anyway, have you tried to save the file with "tcpdump -w" and then read
it with "tcpdump -r" switch?
Greetings,
--
Camaleón
> #tcpdump port 4957
> I want to obtain the payload data to see what is really being exchanged
> between my Debian server and the outside network element . Can you please
> let me know how I can modify my command ?
Try
tcpdump host and port 4957
This will grab all packets to
> To: debian-user@lists.debian.org
> From: noela...@gmail.com
> Subject: Re: tcpdump?
> Date: Sat, 20 Feb 2010 09:49:50 +
>
> On Sat, 20 Feb 2010 06:26:07 +, Hadi Motamedi wrote:
>
> > Sorry . I mean inside the payload data (as I have obtained the output
> Date: Sat, 20 Feb 2010 10:42:03 +0200
> From: brentgclarkl...@gmail.com
> To: debian-user@lists.debian.org
> Subject: Re: tcpdump?
>
> On 20/02/2010 08:05, Hadi Motamedi wrote:
> > Dear All
> > I have put tcpdump trace on port 4957 on my Debian server , as the
On Sat, 20 Feb 2010 06:26:07 +, Hadi Motamedi wrote:
> Sorry . I mean inside the payload data (as I have obtained the output by
> tracing with tcpdump) . I need to decode the exchanged data .
Does "tcpshow" help?
***
tcpshow - decode a tcpdump savefile
(...)
tcpshow r
On 20/02/2010 08:05, Hadi Motamedi wrote:
Dear All
I have put tcpdump trace on port 4957 on my Debian server , as the
following :
#tcpdump port 4957
I want to obtain the payload data to see what is really being exchanged
between my Debian server and the outside network element . Can you
> Date: Sat, 20 Feb 2010 18:01:49 +1100
> From: a...@samad.com.au
> To: debian-user@lists.debian.org
> Subject: Re: tcpdump?
>
> On Sat, Feb 20, 2010 at 06:26:07AM +, Hadi Motamedi wrote:
> >
> >
>
> [snip]
>
> > Sorry . I mean inside th
On Sat, Feb 20, 2010 at 06:26:07AM +, Hadi Motamedi wrote:
>
>
[snip]
> Sorry . I mean inside the payload data (as I have obtained the output by
> tracing with tcpdump) . I need to decode the exchanged data .
t
> Subject: Re: tcpdump?
> From: fr...@anotheria.net
> CC: debian-user@lists.debian.org
> Date: Sat, 20 Feb 2010 07:19:13 +0100
> To: debian-user@lists.debian.org
>
> On Sat, 2010-02-20 at 06:05 +, Hadi Motamedi wrote:
> > Dear All
> > I have put tcpdum
On Sat, 2010-02-20 at 06:05 +, Hadi Motamedi wrote:
> Dear All
> I have put tcpdump trace on port 4957 on my Debian server , as the
> following :
> #tcpdump port 4957
> I want to obtain the payload data to see what is really being exchanged
> between my Debian server and t
Dear All
I have put tcpdump trace on port 4957 on my Debian server , as the following :
#tcpdump port 4957
I want to obtain the payload data to see what is really being exchanged between
my Debian server and the outside network element . Can you please let me know
how I can modify my command
On Thu, Jul 26, 2007 at 06:17:40PM +0200, Nigel Henry wrote:
> On Thursday 26 July 2007 00:47, Andrew Sackville-West wrote:
> > I get a lot of these in my tcpdump on my machine:
> >
> > 15:45:47.427003 IP basement.ipp > 192.168.1.31.ipp: UDP, length 129
> > 1
On Wed, Jul 25, 2007 at 04:23:27PM -0700, David Brodbeck wrote:
>
> On Jul 25, 2007, at 3:47 PM, Andrew Sackville-West wrote:
>
>> I get a lot of these in my tcpdump on my machine:
>>
>> 15:45:47.427003 IP basement.ipp > 192.168.1.31.ipp: UDP, length 129
>
On Thursday 26 July 2007 00:47, Andrew Sackville-West wrote:
> I get a lot of these in my tcpdump on my machine:
>
> 15:45:47.427003 IP basement.ipp > 192.168.1.31.ipp: UDP, length 129
> 15:45:48.427004 IP basement.ipp > 192.168.1.31.ipp: UDP, length 167
>
> 192.168.1.31
On Jul 25, 2007, at 3:47 PM, Andrew Sackville-West wrote:
I get a lot of these in my tcpdump on my machine:
15:45:47.427003 IP basement.ipp > 192.168.1.31.ipp: UDP, length 129
15:45:48.427004 IP basement.ipp > 192.168.1.31.ipp: UDP, length 167
192.168.1.31 is my broadcast addres
I get a lot of these in my tcpdump on my machine:
15:45:47.427003 IP basement.ipp > 192.168.1.31.ipp: UDP, length 129
15:45:48.427004 IP basement.ipp > 192.168.1.31.ipp: UDP, length 167
192.168.1.31 is my broadcast address, and basement is me. They usually
come in pairs lik
tcpdump on current Debian testing does not show the VLAN ID in 802.1q
tagged Ethernet frames.
I have observed this using two machines:
(A) Linux-2.4.34.4, almost everything compiled on my own from scratch
tcpdump-3.9.5 and libpcap 0.9.5
(B) Debian testing, up to date, kernel 2.6.18-4-686
Hello,
On dual proc Xeon with dual ethernet Intel e1000, when I run a tcpdump,
according to network traffic my system freezes.
The console is dead, the only way to restore the system is an electric power
restart.
My configuration is :
# uname -a
Linux 2.6.8-2-686-smp #1 SMP Tue Aug 16 12:08:30
On Wed, 28 Feb 2007 17:10:43 -0500
Marc D Ronell <[EMAIL PROTECTED]> wrote:
>
>
> Hi,
>
> I can not ping a remote host successfully unless I have "tcpdump -i
> eth0" running, in which case, my network access works fine.
>
> I am running Debian etch
Hi,
I can not ping a remote host successfully unless I have "tcpdump -i
eth0" running, in which case, my network access works fine.
I am running Debian etch on a Dell Inspiron e1505 laptop. The eth0
address is static on my local LAN. Once tcpdump is running, the
laptop
2058 q: PTR?
10.130.148.213.in-addr.arpa. 1/0/0 10.130.148.213.in-addr.arpa. (71)
It's quite strange that i get the answer although my udp packet has a
bad checksum. Could it be a tcpdump/libpcap problem?
Furthermore, the checksum error comes and goes. I tried with a kernel
2.6.8 and a diffe
I'm working on a problem between two MTAs. I've got tcpdump logging
all port 25 packets between the two machines, but the problem only
happens once in a while and the vast bulk of the traffic is not of
interest.
Specifically, once in a while the MTAs get confused about the state o
uld be
perfectly OK for anything you ever want to do with Debian.
What is the output of ifconfig? Does your network work
well, apart from the tcpdump/ethereal problem?
Cheers,
--
W. Borgert <[EMAIL PROTECTED]>, http://people.debian.org/~debacle/
According to Freddy Freeloader,
> W. Borgert wrote:
>
> >Quoting Freddy Freeloader <[EMAIL PROTECTED]>:
> >
> >
> >>connection errors. Since I've upgraded to sarge I get the following
> >>error when attempting to use tcpdump: get i f
W. Borgert wrote:
Quoting Freddy Freeloader <[EMAIL PROTECTED]>:
connection errors. Since I've upgraded to sarge I get the following
error when attempting to use tcpdump: get i f addrs: connection refused.
I have what I'm assuming to be is related in ethereal too. When
at
Quoting Freddy Freeloader <[EMAIL PROTECTED]>:
> connection errors. Since I've upgraded to sarge I get the following
> error when attempting to use tcpdump: get i f addrs: connection refused.
>
> I have what I'm assuming to be is related in ethereal too. When
've
run into quite a few bugs(?). Two that are really causing me a problem
in what I'm attempting to do right now (learn Samba). I use tcpdump
and/or ethereal to do captures of network traffic to help troubleshoot
connection errors. Since I've upgraded to sarge I get the following
How is
your new configuration different from your old one?
> My problem is with eth0. I have it up, but without IP. I set it in
> promiscuous mode and without promiscuous, with the same weird results.
>
> When I run tcpdump with any filter ("ip", "tcp"
with the same weird results.
When I run tcpdump with any filter ("ip", "tcp", "port 80", ...) I only get
some initial packets, in traffic time that means 37 packets, sometimes less
than that, as I could see never more than that. The same weird thing happens
4.3.2.1-4.5.6.7/require
ah/tunnel/4.3.2.1-4.5.6.7/require;
and the same on the single host, with the policies switched.
Connectivity is fine, but as I checked the packets arriving at the
single host with tcpdump, I was kinda startled and don't know
anymore what's going on. Here's the
oes
> depend on libaviplaydha.so?
My thoughts. Anyhow, I attribute this 99% to filesystem corruption
right now. Screw ReiserFS!
> > And to be honest: I highly doubt that someone got into this system.
> > It's not on a network and locked in my office...
>
> Not on a
* martin f krafft ([EMAIL PROTECTED]) [030704 03:59]:
> also sprach Vineet Kumar <[EMAIL PROTECTED]> [2003.07.03.2026 +0200]:
> > My next suspicion is that although tcpdump itself is fine, libpcap
> > may be screwy. I have libpcap0.7 0.7.2-1 here.
>
> You got it
also sprach Vineet Kumar <[EMAIL PROTECTED]> [2003.07.03.2026 +0200]:
> My next suspicion is that although tcpdump itself is fine, libpcap
> may be screwy. I have libpcap0.7 0.7.2-1 here.
You got it. Now either my libpcap got trojaned, or corrupted. How
can I find out? The MD5sum
t cause its dependencies to go haywire? Btw:
> I don't think I ever had libs/libavifile installed. Never.
Right. Maybe tcpdump is okay but one of the libraries it depends on is
modified? Try these:
wingnut:~% ldd /usr/lib/libpcap.so.0.7 /lib/libc.so.6 /lib/ld-linux.so.2
/usr/lib/libpcap.
also sprach Vineet Kumar <[EMAIL PROTECTED]> [2003.07.02.1959 +0200]:
> > diamond:~# ldd /usr/sbin/tcpdump [307]
> > libpcap.so.0.7 => /usr/lib/libpcap.so.0.7 (0x42aa7000)
> > libc.so.6 =>
* martin f krafft ([EMAIL PROTECTED]) [030628 23:18]:
> also sprach Vineet Kumar <[EMAIL PROTECTED]> [2003.06.26.1908 +0200]:
> > 0c558a84f5eba114dd31878fd4fd3e18 /usr/sbin/tcpdump
>
> this is identical.
>
> but:
>
>
On Sat, 28 Jun 2003 14:28:02 +0200
martin f krafft <[EMAIL PROTECTED]> wrote:
> weird, huh? i just suffered from major reiserfs corruption, so that
> may be one reason. but the md5sum is correct, and a reinstall yields
> the same result.
When you have things settled down, could you describe the c
also sprach Colin Watson <[EMAIL PROTECTED]> [2003.06.26.1922 +0200]:
> What do 'which tcpdump' and 'ldd `which tcpdump`' say?
diamond:~# which tcpdump
/usr/sbin/tcpdump
diamond:~# ldd `!!`
ldd `which tcpdump`
libpcap.so.0.7 => /usr/lib/libpcap.so.0.
also sprach Vineet Kumar <[EMAIL PROTECTED]> [2003.06.26.1908 +0200]:
> 0c558a84f5eba114dd31878fd4fd3e18 /usr/sbin/tcpdump
this is identical.
but:
diamond:~# ldd /usr/sbin/tcpdump [307]
libpcap.so.0.7 => /usr/lib/libpcap.so.0.7
On Thu, Jun 26, 2003 at 12:03:52PM +0200, martin f krafft wrote:
> I am sure this has something to do with MMX. However, the library is
> not found in any of the Debian packages. What's up?
>
> diamond:~# tcpdump -ni any icmp
> tcpdump: error while loading shared libraries: li
* martin f krafft ([EMAIL PROTECTED]) [030626 09:53]:
> I am sure this has something to do with MMX. However, the library is
> not found in any of the Debian packages. What's up?
>
> diamond:~# tcpdump -ni any icmp
> tcpdump: error while loading shared libraries: libaviplay
I am sure this has something to do with MMX. However, the library is
not found in any of the Debian packages. What's up?
diamond:~# tcpdump -ni any icmp
tcpdump: error while loading shared libraries: libaviplaydha-0.7.so.0: cannot
open shared object file: No such file or directory
di
On Thu, Nov 14, 2002 at 09:45:22PM +, p wrote:
> debs (et al.),
>
> apparently, there's trojan code in
> tcpdump & libpcap.
>
> woody is okay, right? but those apps
> in sarge/sid could be affected?
No, Debian is apparently safe. (At least, so members of the
debs (et al.),
apparently, there's trojan code in
tcpdump & libpcap.
woody is okay, right? but those apps
in sarge/sid could be affected?
(i'm just the curious messenger.)
b.
att.
//
INFORMATION ALERT
AN EMERGING ISSUE WITH:
TROJAN CODE PLANTED IN TCPDUMP AND LIBPCAP
SE
Hello,
i have used tcpdump to get my ssh connection going on the server.
While doing that i saw a certain address popping up that was rejected
by my shorewall firewall. I knew this ip address from when the server
was a suse server. It always tries to talk to the server every 2 minutes.
excerpt
Hi,
I recently tried to use tcpdump. But soon I realized the following
problem:
when I do a "tcpdump -i eth0 > /dev/null"
I get nearly half of the packets as dropped by kernel.
for example:
z314:~> sudo tcpdump -i eth0 > /dev/null
tcpdump: listening on eth0
2032 packets rece
Martin Edward John Waller <[EMAIL PROTECTED]> wrote:
Hello,
I can't get remote x to work - even Xnest to
localhost fails. With tcpdump, I see messages
akin to the above, complaining that the xdmcp port
can't be accessed. This port is listed in my
/etc/services, I have th
Hello,
I can't get remote x to work - even Xnest to
localhost fails. With tcpdump, I see messages
akin to the above, complaining that the xdmcp port
can't be accessed. This port is listed in my
/etc/services, I have the 'no-listen-tcp' option
removed in the relevant files
On Fri, Apr 19, 2002 at 04:11:39PM +, Rory Campbell-Lange wrote:
> I'd like to run tcpdump on internal network traffic between our router
> and general workstations.
>
> My laptop, on which I'm running tcpdump, is connected to the same switch
> as the router. Howev
> On Fri, Apr 19, 2002 at 04:11:39PM +, Rory Campbell-Lange wrote:
>> I'd like to run tcpdump on internal network traffic between our router
>> and general workstations.
>>
>> My laptop, on which I'm running tcpdump, is connected to the same switch
>
On Fri, Apr 19, 2002 at 04:11:39PM +, Rory Campbell-Lange wrote:
> I'd like to run tcpdump on internal network traffic between our router
> and general workstations.
>
> My laptop, on which I'm running tcpdump, is connected to the same switch
> as the router. Howev
I'd like to run tcpdump on internal network traffic between our router
and general workstations.
My laptop, on which I'm running tcpdump, is connected to the same switch
as the router. However I can only get traffic between my machine and the
router using tcpdump.
The switch is a mana
Subject: tcpdump broken by upgrade (Potato)
Date: Wed, May 02, 2001 at 10:22:31AM -0400
In reply to:Wayne Topa
Quoting Wayne Topa([EMAIL PROTECTED]):
> Has anyone else (using the 2.4.4 kernel packages) lost tcpdump?
Replying to my own message:
Forget it! The problem tur
Has anyone else (using the 2.4.4 kernel packages) lost tcpdump?
apt-get install tcpdump
Reading Package Lists... Done
Building Dependency Tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution
as root:
tcpdump -i ppp0
tcpdump: Symbol `pcap_version' has different size in shared object, consider
re-linking
tcpdump: unknown data link type 0xc
I know tcpdump was updated not long ago for potato, did this break it or was
it due to me removing the old qt libs leaving only 2.2.2-0?
of them)
>
> > 2. At work we are just beginning to use Debian and we intend to replace
> > rh with Debian. I am able to run tcpdump on Debian but not on rh6.0. The
> > latter gave this error with tcpdump -i eth0:
> >
> > tcpdump: socket: Socket type not supporte
e pointers? I'm running slink with the latest update.
I've successfully compiled and used Ssh 2.0.13 both on RH and Debian
I suggest you to check the packets needed by ssh (zlib is one of them)
> 2. At work we are just beginning to use Debian and we intend to replace
> rh with Debian.
k with the latest update.
2. At work we are just beginning to use Debian and we intend to replace
rh with Debian. I am able to run tcpdump on Debian but not on rh6.0. The
latter gave this error with tcpdump -i eth0:
tcpdump: socket: Socket type not supported
Can anyone please tell me what changes
Hi, I'm a newbie in Linux.
I've a problem with tcpdump. I set it suid. When I run it as a user (not
root), it can't stop normally. When it stopped, it gave message like this:
linux socket : operation not permitted.
Help me please..
Thanks
--indra--
The new version of tcpdump in rex-updates depends on libpcap0, a package
which is not in rex (1.2).
libpcap0 should either be added to rex-updates, or a different version
of tcpdump that doesn't require it should be placed in rex-updates.
--
G. Branden Robinson
Purdue University
[
Hi,
tcpdump 3.3-2 won't work for me. here is the error message:
tcpdump: unknown data link type 0xc
though I have no problem using PPP.
Lawrence,
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] .
Trouble? e-mail to [EMAIL PROTECTED] .
To get tcpdump to work with tokenring:
get the following files:
ftp.ee.lbl.gov/libpcap-0.3.tar.Z
ftp.ee.lbl.gov/tcpdump-3.3.tar.Z
ftp.ocs.com.au/pub/tcpdump-3.3-tokenring.gz (patches libpcap & tcpdump)
place all in temp dir, uncompress and extract.
READ tcpdump-3.3-tokenring, about the patch
I was able to get tcpdump to work on a tokenring network, on my debian
system. :)
If anyone would like this, or I should place it somewhere...let me know.
Matthew
Anyone using tcpdump or an 'ip-watcher' program on
a tokenring based network ??
I can't find support for it anywhere...
Matthew
92 matches