Reputation: 61
tcpdump throws PKTAP error
While running tcpdump without providing any interface
tcpdump -nS,
I'm getting tcpdump: cannot use data link type PKTAP error so I tried providing the Interface option in the command
tcpdump -i eth0 or even eth1
then I get the following error
tcpdump: eth1: No such device exists
(BIOCSETIF failed: Device not configured)
I even tried looking up on the Internet but i'm not getting any solution ...
Any help ??
Upvotes: 5
Views: 8685
Answers (2)
Reputation:
Any reason on why PKTAP issue is occurring
It's probably occurring because you installed your own version of libpcap, which does not know about the DLT_PKTAP link-layer header type, and Apple's tcpdump is somehow using your version rather than their own version (Apple's version does know about it) and, therefore, failing because, when its version of tcpdump is run without a -i argument, it uses an OS mechanism to capture on all devices, and that mechanism supplies packets with DLT_PKTAP headers and the DLT_PKTAP link-layer header type.
Upvotes: 0
Reputation: 41
I can't speak to your problem with PKTAP, but I can speak to the "No such device exists" - eth0 is a Linux-ism, and MacOS isn't Linux. You almost certainly want en0, en1, etc. "ifconfig -a" is your friend or, if you have it installed, "tshark -D".
Upvotes: 4
Related Questions
- tcpdump: Couldn't find user 'pcap'
- How to resolve tcpdump dropped packets?
- tcpdump output is diffferent than pcap file
- tcpdump / wireshark capturing problems
- tcpdump expression syntax error in `ip proto tcp`
- "tcpdump -w 1.pcap" works, but "tcpdump -C 100 -w 1.pcap" - permission denied
- Invalid tcpdump header due to pcap generated using mergecap when parsed using dpkt
- dpkt invalid tcpdump header error
- Tcpdump - pcap - Cannot sniff packets on port 5984
- tcpdump always filters my packets