tcpdump

Dave England · ‎04-09-2003

I have tried pfconfig in both promisc and copyall modes but tcpdump host mycomputer doesn't produce any output when mycomputer (which is a pc running telnet) connetced to the server where I am running tcpdump. Can someone tell me how I can get this to work like snoop.

Al Licause · ‎04-09-2003

Dave,

These are the instructions we give to customers asking for such help:

1) make sure the following line is in your kernel configuration file and the current booted kernel is using this configuration

options PACKETFILTER

2) # cd /dev;
# ./MAKEDEV pfilt

This creates the psuedo devices needed by tcpdump

3) pfconfig +c +p device_name
i.e. pfconfig +c +p ee0

4) tcpdump -i ee0

The last command will dump everything to sysout. If you want it to go to a file use:

tcpdump -i ee0 -w filename

It should be that simple.
I see that you do mention enabling permiscuos and copyall mode, but this is the most common omission by most customers.

Al

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

tcpdump

tcpdump

Re: tcpdump