forked from osmocom/wireshark
Put in a note about enabling the Packet protocol; if it's not enabled on
a Linux kernel, network analysis programs such as tcpdump or Ethereal/Tethereal won't be able to capture packets. git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@1652 f5534014-38df-0310-8fa8-9805f1628bb7
This commit is contained in:
parent
b573627e42
commit
c5b0714fac
32
README.linux
32
README.linux
|
@ -1,7 +1,31 @@
|
||||||
$Id: README.linux,v 1.5 2000/02/01 21:52:22 guy Exp $
|
$Id: README.linux,v 1.6 2000/02/19 21:44:13 guy Exp $
|
||||||
|
|
||||||
The standard libpcap compiled for Linux has a timeout problem; it
|
In order to capture packets (with Ethereal/Tethereal, tcpdump, or any
|
||||||
doesn't support the timeout argument to "pcap_open_live()".
|
other packet capture program) on a Linux system, the "packet" protocol
|
||||||
|
must be supported by your kernel. If it is not, you may get error
|
||||||
|
messages such as
|
||||||
|
|
||||||
|
modprobe: can't locate module net-pf-17
|
||||||
|
|
||||||
|
in "/var/adm/messages". The following note is from the Linux
|
||||||
|
"Configure.help" file:
|
||||||
|
|
||||||
|
Packet socket
|
||||||
|
CONFIG_PACKET
|
||||||
|
The Packet protocol is used by applications which communicate
|
||||||
|
directly with network devices without an intermediate network
|
||||||
|
protocol implemented in the kernel, e.g. tcpdump. If you want them
|
||||||
|
to work, choose Y.
|
||||||
|
|
||||||
|
This driver is also available as a module called af_packet.o ( =
|
||||||
|
code which can be inserted in and removed from the running kernel
|
||||||
|
whenever you want). If you want to compile it as a module, say M
|
||||||
|
here and read Documentation/modules.txt; if you use modprobe or
|
||||||
|
kmod, you may also want to add "alias net-pf-17 af_packet" to
|
||||||
|
/etc/modules.conf.
|
||||||
|
|
||||||
|
In addition, the standard libpcap compiled for Linux has a timeout
|
||||||
|
problem; it doesn't support the timeout argument to "pcap_open_live()".
|
||||||
|
|
||||||
The current version of Ethereal attempts to work around this, so its GUI
|
The current version of Ethereal attempts to work around this, so its GUI
|
||||||
shouldn't freeze when capturing on a not-so-busy network. If its GUI
|
shouldn't freeze when capturing on a not-so-busy network. If its GUI
|
||||||
|
@ -13,7 +37,7 @@ The current version of Ethereal should work with versions of libpcap
|
||||||
that have been patched to fix the timeout problem, as well as working
|
that have been patched to fix the timeout problem, as well as working
|
||||||
with unpatched versions.
|
with unpatched versions.
|
||||||
|
|
||||||
An additional problem, on Linux, with current versions of libpcap is
|
An additional problem, on Linux, with current versions of libpcap, is
|
||||||
that capture filters do not work when snooping loopback devices; if
|
that capture filters do not work when snooping loopback devices; if
|
||||||
you're capturing on a Linux loopback device, do not use a capture
|
you're capturing on a Linux loopback device, do not use a capture
|
||||||
filter, as it will probably reject most if not all packets, including
|
filter, as it will probably reject most if not all packets, including
|
||||||
|
|
Loading…
Reference in New Issue