Re: tcpdump interface parameter
- Subject: Re: tcpdump interface parameter
- From: Josh Graessley <email@hidden>
- Date: Mon, 15 Apr 2002 13:17:45 -0700
On 4/15/02 12:40 PM, "James W. Walker" <email@hidden> wrote:
> I'd like to have a way of capturing all Internet packets, to try to
> diagnose a communication problem that I can't reproduce in-house. I
> tried having a user go to the terminal and say
>
>     sudo tcpdump -xX -i en0 -s 0 > ~/tcp.txt
>
> but that didn't work, probably because en0 was not the right
> interface. The tcpdump man page says
>
>     On Linux systems with 2.2 or later kernels, an
>     interface argument of ``any'' can be used to
>     capture packets from all interfaces.

One of the reasons the Linux version of tcpdump has this feature has to do
with how Linux packet capture occurs. On BSD, we use BPF (Berkeley Packet
Filter) sockets. An ioctl is used to set which interface the BPF socket will
tap. On Linux, I believe some other mechanism is used and all packets are
passed from the kernel to user space. It is up to the client process to
filter out packets. This may be fixed now, or I may be mistaken about how it
ever worked. Anyhow, on Mac OS X to capture all packets on all interfaces, a
BPF socket for each interface would be required.

Is there some reason you want to capture on all interfaces simultaneously
instead of a specific interface?

> but unfortunately that doesn't work on the Mac. How do you even find
> out what the legal choices for "-i" are?

ifconfig -a
-josh
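
The following added example (not part of the original message, and not tcpdump's own code) illustrates the reply's point that Mac OS X needs one BPF tap per interface: it reads `ifconfig -a` output, keeps the interfaces flagged UP, and builds one tcpdump command per interface with the flags from the question. The function names, the per-interface output file names and the sample `ifconfig` text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: one tcpdump process (one BPF tap) per active interface.

# Read `ifconfig -a` style output on stdin and print the names of
# interfaces flagged UP. Loopback is skipped (an assumption of this example).
up_interfaces() {
    awk '/^[A-Za-z]/ && $2 ~ /^flags=/ {
        name = $1; sub(/:$/, "", name)
        flags = $2; sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
        n = split(flags, f, ","); up = 0; lo = 0
        for (i = 1; i <= n; i++) {
            if (f[i] == "UP") up = 1
            if (f[i] == "LOOPBACK") lo = 1
        }
        if (up && !lo) print name
    }'
}

# Print one capture command per interface name read from stdin, so the
# plan can be reviewed before anything is run.
capture_commands() {
    while read -r ifname; do
        printf 'tcpdump -xX -s 0 -i %s > tcp-%s.txt\n' "$ifname" "$ifname"
    done
}

# Run the captures for real (needs root). Background jobs in a script ignore
# Ctrl-C, so a trap forwards the interrupt to every tcpdump as SIGTERM.
capture_all() {
    pids=''
    for ifname in $(ifconfig -a | up_interfaces); do
        tcpdump -xX -s 0 -i "$ifname" > "tcp-$ifname.txt" &
        pids="$pids $!"
    done
    trap 'kill $pids 2>/dev/null' INT TERM
    wait
}

# Constructed sample of `ifconfig -a` output, not taken from a real host.
SAMPLE='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
en1: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500'

# Show the commands that would be run for the sample above.
printf '%s\n' "$SAMPLE" | up_interfaces | capture_commands
```

Calling `capture_all` as root on the affected machine starts the captures; each interface's packets land in its own `tcp-<interface>.txt` file.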