Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Using tcpdump over a PPP connection Network
Tcpdump is great and I was looking ahead using it. The bigger was my surprise when I could not, because tcpdump does not recognize my PPP internet connection (or better the ppp0 device) as being configured. Apple's Network Utility has the same sort of problem (it shows only en0, even while being on-line via PPP). Here's an example:
root# ifconfig ppp0

ppp0: flags=8055 mtu 1500
inet 62.84.136.53 --> 62.84.128.250 netmask 0xff000000
root# tcpdump -i ppp0
tcpdump: ppp0: Device not configured
root#
Please help - how can I get packet monitoring on PPP working??
    •    
  • Currently 5.00 / 5
  You rated: 5 / 5 (3 votes cast)
 
[8,291 views]  

Using tcpdump over a PPP connection | 5 comments | Create New Account
Click here to return to the 'Using tcpdump over a PPP connection' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Wrong ifconfig output
Authored by: zzen on Aug 08, '01 08:31:00PM

Of course, if anybody wonders about the way the ifconfig output looks like - it was mangled in the HTML conversion.
The stuffi between < and > is invisible. It was not clear wether the interface is UP and RUNNING. So, here is, once again, the code:

root# ifconfig ppp0
ppp0: flags=8055<UP,DEBUG,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 62.84.136.150 --> 62.84.128.250 netmask 0xff000000
root# tcpdump -i ppp0
tcpdump: ppp0: Device not configured
root#

Any idea how to solve this?



[ Reply to This | # ]
Wrong ifconfig output
Authored by: bakednotfried on Aug 09, '01 02:10:15AM
what does
ifconfig -a
show you?

[ Reply to This | # ]
Wrong ifconfig output
Authored by: zzen on Aug 09, '01 03:57:34AM

Nothing really new, bascialy the same thing:

root# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,b6,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:30:65:e8:0a:06
media: autoselect (10baseT/UTP <half-duplex>) status: active
supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 100baseTX <half-duplex> 100baseTX <full-duplex>
ppp0: flags=8055<UP,DEBUG,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 62.84.136.138 --> 62.84.128.250 netmask 0xff000000
root#



[ Reply to This | # ]
Wrong ifconfig output
Authored by: JoeDandy on Sep 23, '02 05:59:01PM

I've been able to use tcpdump on my machine, and here's how.

A quick look at the man page shows that in previous incarnations of this utility you had to be root to use it. I simply ran a sudo command, and presto, I have all the headers I can eat.
Command is as follows (a simple "-i" flag in the command lets you pick the interface):

"sudo tcpdump -i ppp0"

enter your password (if you're system admin), and you're good to go.

Hope this helps.



[ Reply to This | # ]
kernel thing
Authored by: miggins on Aug 09, '01 04:26:39AM

I think it's something to do with the way the ppp0 interface is implemented in the Darwin kernel. If you try to run nmap on the ppp0 interface it gives a bit more info (which I don't have at hand). I also noticed that Apple's supplied network port scanner only let's you use the en0 interface.

I would say that tcpdump simply will not work with ppp0 until someone changes the implementation to support it. Try the darwin kernel mailing list or something.



[ Reply to This | # ]