On Thu, Dec 19, 2002 at 10:26:49PM -0500, Noah Silverman wrote:
> Since upgrading to OS 10.2, I've discovered that tcpdump, as well as
> ethereal, ettercap, and other libpcap-dependent programs, don't seem to
> work.

Are you using the MacOS X libpcap and tcpdump, or is one or the other of
them from tcpdump.org or some other provider of libpcap and tcpdump?

> I can run tcpdump, and get data, but it is only two types:
> 1) ALL traffic information to and from my machine
> 2) ipx and udp traffic from all machines on my LAN
>
> It appears as if TCP traffic is not being received in promiscuous mode,
> or is not being handled correctly.

I assume that you were seeing TCP traffic before the upgrade.

Are you seeing any IPX or UDP *UNICAST* traffic (or any *other* unicast
traffic, for that matter) between machines on your LAN other than your
machine, or is it all just broadcasts and multicasts?

> Do you have any suggestions or ideas?

Suggestions:

    If you haven't already done so, you should probably try it with
    the MacOS X tcpdump (which is probably linked, perhaps
    dynamically, with the MacOS X libpcap).

    If that doesn't work, report it to Apple as a bug with their
    software.

    If that *does* work, report it to Apple and ask them to tell
    tcpdump.org what changes we need to make to *our* libpcap to
    make it work.

Ideas:

    If you are not seeing any IPX or UDP unicast traffic, it's
    probably just not putting the interface into promiscuous mode
    *at all*:

        http://www.tcpdump.org/faq.html#q5

    If you *are* seeing unicast traffic between machines on your LAN
    other than your machine, I have no idea what's going on, which
    is why I suggest you talk to Apple.

    (If you've never seen unicast traffic between machines on your
    LAN other than your machine, even before the upgrade, it's
    probably just a switched-network or dual-speed-hub problem:

        http://www.tcpdump.org/faq.html#q4

    .)
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
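
The check the reply above asks for (is any unicast traffic between *other* machines being captured, or only broadcasts, multicasts and the capturing host's own traffic?) can be run over a saved capture. This is an added example, not part of the original message and not tcpdump.org code; the MAC addresses, the frame() helper and the verdict names are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, ethertype=0x0800, proto=17):
    # Constructed test frame: Ethernet II header plus a 20-byte stub in which
    # only the version/IHL byte and the IPv4 protocol field are filled in.
    stub = b"\x45" + bytes(8) + bytes([proto]) + bytes(10)
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + stub

def classify(raw, own):
    """Sort one raw Ethernet frame by destination/source MAC."""
    if len(raw) < 14:
        return "truncated"
    dst, src = raw[:6], raw[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                 # group bit set: multicast destination
        return "multicast"
    if own in (dst, src):
        return "own"
    return "third_party_unicast"      # only captured if promiscuous mode works

def is_tcp(raw):
    # IPv4 ethertype, and protocol byte (offset 14 + 9) equal to 6
    return len(raw) >= 24 and raw[12:14] == b"\x08\x00" and raw[23] == 6

def diagnose(frames, own):
    counts = Counter(classify(f, own) for f in frames)
    others = [f for f in frames if classify(f, own) == "third_party_unicast"]
    if not others:
        # Promiscuous mode not taking effect, or a switched network/dual-speed hub
        return counts, "no_third_party_unicast"
    if not any(is_tcp(f) for f in others):
        # Other hosts' unicast arrives but TCP does not: the unexplained case
        return counts, "third_party_unicast_no_tcp"
    return counts, "third_party_tcp_seen"

OWN = mac("02:00:00:00:00:01")                     # constructed addresses
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
REPORTED = [                                       # constructed capture
    frame(A, "02:00:00:00:00:01", proto=6),            # own TCP traffic
    frame("ff:ff:ff:ff:ff:ff", A, ethertype=0x8137),   # IPX broadcast
    frame("ff:ff:ff:ff:ff:ff", B),                     # UDP broadcast
    frame("01:00:5e:00:00:fb", B),                     # UDP multicast
]
```
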