LorenCarter 05-27-2010 11:56 AM

tcpdump - no suitable device found

I'm running NetWare SLES 10 sp3 with OES2 sp2. I was working with the folks at Novell to resolve an iPrint Print Manager problem.

During the process they wanted to perform a packet capture using tcpdump. While logged in as the root user, I got the error "no suitable device found", and I received no data at all. This server is running on a VMWare Center. On other SLES 10 sp3 systems (residing on that same VMWare Center), tcpdump captures packets just fine. I inherited all of these servers, so I wasn't here during the initial build, but I'd make the guess that they were configured similarly. On a Server that I built recently, tcpdump works fine. On two of my Servers it does not, and gives the mentioned error.

It's not that big a deal, otherwise the Servers are communicating and working just fine. But, I'd like to get it working just because it's supposed to work. Students are off for the summer, so I have time to play.

Any ideas will be welcomed.

anomie 05-27-2010 06:44 PM

What does /sbin/ifconfig show? Try providing the ethernet device explicitly for tcpdump.


# tcpdump -i <dev_here> host foo.local

LorenCarter 05-28-2010 07:16 AM

tcpdump no suitable device found

At the console of the Server (logged in as root), the command:

tcpdump -i eth0

gives me this

tcpdump: socket: Address family not supported by protocol

eth0 Link encap:Ethernet HWaddr 00:50:56:83:38:99
inet6 addr: fe80::250:56ff:fe83:3899/64 Scope:Link
RX packets:139079063 errors:29 dropped:0 overruns:0 frame:0
TX packets:174106818 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:558671723 (532.7 Mb) TX bytes:327150160 (311.9 Mb)
Interrupt:177 Base address:0x1400

eth1 Link encap:Ethernet HWaddr 00:50:56:83:00:15
inet6 addr: fe80::250:56ff:fe83:15/64 Scope:Link
RX packets:12375528 errors:53 dropped:1 overruns:0 frame:0
TX packets:22958715 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3516426710 (3353.5 Mb) TX bytes:4262922976 (4065.4 Mb)
Interrupt:185 Base address:0x1480

lo Link encap:Local Loopback
inet addr: Mask:
inet6 addr: ::1/128 Scope:Host
RX packets:2541413 errors:0 dropped:0 overruns:0 frame:0
TX packets:2541413 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2110657027 (2012.8 Mb) TX bytes:2110657027 (2012.8 Mb)

Note: IPv6 support is disabled in all adapters


anomie 05-28-2010 09:58 AM

My WAG is something is funky with the way the VM was set up. Check its ethernet device settings closely, and compare against a VM where tcpdump works normally. (Maybe in one case you bridged ethernet devices, and in another case you use NAT... for example.)

matpe 05-28-2010 11:17 AM


Originally Posted by LorenCarter (Post 3984056)
tcpdump: socket: Address family not supported by protocol

Your kernel may not have CONFIG_PACKET enabled. Without it you cannot run tcpdump. Try running "modprobe packet" as root and hope it exists as a module.
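
An added example, not part of the original thread: the packet-socket call that produces the "Address family not supported by protocol" message, reproduced in Python 3 so that a kernel without packet-socket support (EAFNOSUPPORT) can be told apart from a missing privilege, together with a check of CONFIG_PACKET in the kernel config text. The function names and the /boot/config-<release> location are assumptions of this example.

```python
import errno
import re
import socket

ETH_P_ALL = 0x0003  # "all protocols", the value packet-capture sockets are opened with


def packet_config_state(config_text):
    """Return 'builtin', 'module', 'disabled' or 'unknown' for CONFIG_PACKET."""
    for line in config_text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"CONFIG_PACKET=([ym])", line)
        if m:
            return "builtin" if m.group(1) == "y" else "module"
        if line == "# CONFIG_PACKET is not set":
            return "disabled"
    return "unknown"


def classify_errno(err):
    """Map the errno from socket(AF_PACKET, ...) to a likely cause."""
    if err == errno.EAFNOSUPPORT:
        return "no-af-packet"   # tcpdump: "Address family not supported by protocol"
    if err in (errno.EPERM, errno.EACCES):
        return "no-privilege"   # kernel has AF_PACKET; caller lacks CAP_NET_RAW
    return "other"


def probe_packet_socket():
    """Open and immediately close a packet socket; return a status string."""
    family = getattr(socket, "AF_PACKET", None)
    if family is None:
        return "no-af-packet"   # this Python build/platform does not define it
    try:
        s = socket.socket(family, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    except OSError as exc:
        return classify_errno(exc.errno)
    s.close()
    return "ok"


if __name__ == "__main__":
    import platform
    print("packet socket:", probe_packet_socket())
    try:  # assumed location of the running kernel's config file
        with open("/boot/config-" + platform.release()) as fh:
            print("CONFIG_PACKET:", packet_config_state(fh.read()))
    except OSError:
        print("CONFIG_PACKET: kernel config file not readable")
```

Run as root on both a working and a failing host and compare the two lines of output.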

LorenCarter 06-07-2010 10:43 AM

The modprobe packet command on a broken system and a working system both returned the no module found answer (or something like that).

This morning, as I was checking for newly released patches from Novell's site, I saw some new ones, installed them to all my Servers, and now tcpdump works like it ought to. So, maybe the installation of one of the patches "fixed" whatever was causing it not to work.

