HPE Community Scheduled Maintenance Notification (June 29, 10pm CDT - June 30, 12pm CDT)

Click here to learn more

Re: tcpdump

Hello
I'm trying to use the tcpdump tool for the first time
and I encounter some difficulties
>tcpdump -i lan1 host pcntpe25
tcpdump: recv_ack: promisc_phys: Invalid argument

>tcpdump -i lan2 host pcntpe25 OK
Can anyone help me please
BR

What could I say ?

15 REPLIES 15

hi,

Make sure you installed libpcap before installing tcpdump. You can get the downloadables from
http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcpdump-3.6.2/

It worked fine for me.

HTH
raj

Take it easy.

Hi RajMan
Thank you for answering :o)
The products were pre-installed by HP, so I guess it's correct.
It works well on lan2 interface which is a backup-lan for MC/Service-Guard but not on lan1 which is the active lan interface with 3 ip-addresses
1 for host and 2 for packages
that's all what's different
If you got any idea ...
BR

What could I say ?

Hi,

Can you give the output from:
# ifconfig lan1

And

# ifconfig lan2

Might give some clue !

Clemens

The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !

Hello Clemens van Everdingen
thank you for answering :o)
see-below the result of commands

root(hardy)/root-#ifconfig lan1
lan1: flags=843
inet 172.29.102.34 netmask ffff0000 broadcast 172.29.255.255
root(hardy)/root-#ifconfig lan2
lan2: flags=842
inet 0.0.0.0 netmask ffffffff

Just notice that it doesn't work on a other server of my cluster (same hardware) but it
works on a third one with FDDI
interfaces instead of 100BT
B

What could I say ?

Hi,

Are you running 10.20 or 11.00 (32 or 64 bits) ?

Clemens

The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !

Clemens
It's 11.00 64 bits
br

What could I say ?

Hi,

Could you try to run tcpdump as follows:

# tcpdump -p -i lan1 host pcntpe25

Extract from porting archive:

-p Don't put the interface into promiscuous mode.
Note that the interface might be in promiscuous mode for some other reason;
hence, `-p' cannot be used as an abbreviation for `ether host {local-hw-addr} or ether broadcast'.

See:

http://hpux.cict.fr/hppd/hpux/Networking/Admin/tcpdump-3.6.2/man.html

Let me know the results.

Regards,
Clemens

The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !

Clemens
very good idea (I hav'nt seen it into the man) but it doesn't
solve the problem :o(

What could I say ?

Hi,

Output still with the same error message ??

C.

The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !

Clemens
No ; not exactly the same;
now it is
cpdump: recv_ack:
promisc_sap: Invalid argument

before it was:
cpdump: recv_ack: promisc_phys: Invalid argument

What could I say ?

Hi Gilles,

For now I am out of clues.
Will think and search about the new error.

It has to do with the difference in cards and the promiscues mode of the failing card.

Regards,
Clemens

The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !

Hi Clemens
I was looking at
http://www.tcpdump.org/
in order to get help but
don't find anything :o(
Anyway thank you very much
for the time you spent on my request.
Regards
Gilles

What could I say ?

Hi Gilles,

Sorry that I could not be of more assistance.
I think we need a networking expert for this.

Anybody ?

Regards,
Clemens

The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !

hello
I had a look at the error and found out the libcap had a bug in previous version , the error however was completely different from yours

"tcpdump: recv_ack: info unexpected primitive ack 0x0"

and was seen as a bug in lipcab itself , HP-labs notified for that the 3rd party vendor of tcpdump and lipcab but by now installing the glatest library that should be ok , however I did come up with a similar case , turns out this was caused by some sort of incompatibility between the tcpdump and the lancard itself , in that case it was solved by installing the latest card driver patch and the latest arpa transport patch , both can be downloaded through the ITRC , I don't know what patchlevel you are on this moment but this is the error the problem I looked at generated , it looks a bit like yours (but not 100%) it's worth trying to install latest patches , it might just solve the issue , error encountered :

tcpdump net 194.52.173

WARNING: DL_PROMISC_MULTI failed
(recv_ack: promisc_multi: Invalid argument)

...knowing one ignores a greath many things is the first step to wisdom...

For what it's worth, I received this error when trying to run a 2nd instance of tcpdump:

tcpdump: recv_ack: promisc_phys: UNIX error - Invalid argument

Did this on HPUX 11i.

After doing a ps and finding the first instance of tcpdump and killing it, I found that I could run tcpdump again without problems.