Old 09-13-2008, 01:12 AM   #1
apit
LQ Newbie
 
Registered: Jun 2002
Location: Malaysia
Distribution: red hat 7.3
Posts: 23

Rep: Reputation: 15
Tcpdump - Capture file whenever file reached the specified limit


Hi, I'm using tcpdump to capture my network traffic. When it reaches the specified limit, it will automatically create a new file. The problem is I get this error when I issue this command:

Command
Quote:
root@akubuntu:/home/apit/capture# tcpdump -i $INT -C $filesize -ns 1514 -w /home/apit/capture-'date +%Y%M%d-%H%M%s' .pcap
Error
Quote:
tcpdump: SIOCGIFHWADDR: No such device
Question

1- I got this command from a network security book. I don't really understand the command. What are %INT and $filesize used for? Are they variables that we have to declare?

2- Using Google, I found that "tcpdump: SIOCGIFHWADDR: No such device" is a network card driver problem. Is it true?

3- How to solve this problem?

Thanks
 
Old 09-13-2008, 01:29 AM   #2
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
1. Read the man page for tcpdump. It will explain what -i and -C are.

The %INT is a typo on your part. You meant $INT. These are shell variables. Use the name of your interface and the file size you want instead. You don't need the variables; the book probably used them since these values would be different for various systems (for $INT, the network interface) and file size (select your own choice of $filesize).

2. This will resolve itself when you use the correct network interface name (e.g. eth0).

3. Go back to step 1.
 
Old 09-13-2008, 01:30 AM   #3
Nylex
LQ Addict
 
Registered: Jul 2003
Location: London, UK
Distribution: Slackware
Posts: 7,464

Rep: Reputation: Disabled
$INT and $filesize are variables containing the interface and filesize to use. You do need to give them values first, with something like

INT=eth0
filesize=1 (for a file size of 1 million bytes, as per the tcpdump man page)

and then run tcpdump, giving those variables. The error message you get should be taken literally: the device you're telling it to capture from doesn't exist. Check that you're passing the correct device. A simple way to check which devices exist would be to run ifconfig.
 
Old 09-13-2008, 02:16 AM   #4
apit
LQ Newbie
 
Registered: Jun 2002
Location: Malaysia
Distribution: red hat 7.3
Posts: 23

Original Poster
Rep: Reputation: 15
I issued this command:

Quote:
root@akubuntu:/home/apit/capture# tcpdump -i eth0 -C 10 -ns 1514 -w /home/apit/capture-'date +%Y%M%d-%H%M%s' .pcap
I got this error :
Quote:
tcpdump: illegal char '.'
 
Old 09-13-2008, 02:51 AM   #5
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
The quotes around your date command should be backquotes `date...`. The .pcap should be immediately adjacent to the backquotes if you want to concatenate the file name with the suffix .pcap (e.g. -w /home/apit/capture-`date +%Y%M%d-%H%M%s`.pcap); there should be no space before .pcap.

Use the $(cmd) syntax instead here - it is cleaner looking and more obvious:

/home/apit/capture-$(date +%Y%M%d-%H%M%s).pcap
 
Old 09-13-2008, 03:00 AM   #6
apit
LQ Newbie
 
Registered: Jun 2002
Location: Malaysia
Distribution: red hat 7.3
Posts: 23

Original Poster
Rep: Reputation: 15
Thanks a lot, Nylex & Mr. C.
I tried both of the options and it is running OK.

Option 1
Quote:
root@akubuntu:/home/apit/capture# tcpdump -i eth0 -C 10 -ns 1514 -w /home/apit/capture-'date +%Y%M%d-%H%M%s'.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1514 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Option 2
Quote:
root@akubuntu:/home/apit/capture# tcpdump -i eth0 -C 10 -ns 1514 -w /home/apit/capture-$(date +%Y%M%d-%H%M%s).pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1514 bytes
16 packets captured
16 packets received by filter
0 packets dropped by kernel
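
The fixes from this thread gathered into one script, as an added example that is not from the thread or the book: it checks that the interface exists before tcpdump is called (the cause of the SIOCGIFHWADDR error), validates the numeric arguments, and builds the file name with $(date ...). The function names, the NET_SYSFS and TCPDUMP variables, the -W file cap and the %Y%m%d-%H%M%S format (month and seconds, where the thread's command has %M and %s) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): validated, rotating tcpdump capture.
NET_SYSFS=${NET_SYSFS:-/sys/class/net}  # Linux lists interfaces here (assumed path)

# True only for a plain interface name that exists on this host.
iface_exists() {
    case $1 in
        ''|.|..|*[!A-Za-z0-9_.:-]*) return 1 ;;  # empty, dot entries, odd chars
    esac
    [ -e "$NET_SYSFS/$1" ]
}

# True only for a positive integer without leading zeros.
is_pos_int() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
}

# Print the savefile path. $(...) runs date; single quotes would not.
# %m is the month and %S the seconds (%M is minutes, %s is epoch seconds).
capture_name() {
    printf '%s/capture-%s.pcap\n' "$1" "$(date +%Y%m%d-%H%M%S)"
}

# Args: interface, -C size (units of 1,000,000 bytes), -W file count, directory.
start_capture() {
    iface_exists "$1" || { echo "no such interface: $1" >&2; return 1; }
    is_pos_int "$2"   || { echo "bad file size: $2" >&2; return 1; }
    is_pos_int "$3"   || { echo "bad file count: $3" >&2; return 1; }
    [ -d "$4" ]       || { echo "no such directory: $4" >&2; return 1; }
    # -W caps the number of savefiles so a long capture cannot fill the disk.
    "${TCPDUMP:-tcpdump}" -i "$1" -C "$2" -W "$3" -n -s 1514 \
        -w "$(capture_name "$4")"
}

# Usage (as root): start_capture eth0 10 5 /home/apit/capture
```

With -C, tcpdump appends a number to the -w name for each savefile after the first, so rotated files end in .pcap1, .pcap2 and so on rather than in .pcap.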
 
  

