tcpdump not capturing any packets
Solution 1
As per the tcpdump man page:
-i Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loop‐
back), which may turn out to be, for example, ``eth0''.
On Linux systems with 2.2 or later kernels, an interface argument of ``any'' can be used to capture packets from all interfaces. Note that captures
on the ``any'' device will not be done in promiscuous mode.
So, looking at your output, seems that the first available interface is bluetooth0 which does not allow packet printing, and thus the error.
However, if specifying the -i flag to any, you're picking up any available interface that allows packet printing and that's why it works in this case.
Solution 2
I'm not in front of it right now but
there is a switch for tcpdump to list all interfaces, then you can specify specifically the one you want. Try tcpdump --list-interfaces then you can do e.g. tcpdump -i eth0 or whatever particular interface you want to listen on.
Related videos on Youtube
23 : 20
41 : 00
16 : 53
02 : 44
02 : 16
Rosamunda
A lawyer during the day, and a developer during the night. Enjoy reading about PHP, MySQL, JS, Marketing, SEO and Entrepreneurship. In my free time I love to get my hands dirty with Linux, and play (and break) my arduino. Enjoying life through meaningful work and enthusiasm.
Updated on September 18, 2022Comments
-
Rosamunda over 1 year
I'm trying to monitor what's going on in my network, so I've tried
tcpdumpcommand. I'm just learning to use it, so I thought on playing around a little bit with it.My problem is that I cannot capture any packet using just tcpdump without any parameters.
when I type
tcpdump, I get this answer:tcpdump: packet printing is not supported for link type BLUETOOTH_HCI_H4_WITH_PHDR: use -w
So I tried tcpdump:
tcpdump -w archivitoAnd I've got this:listening on bluetooth0, link-type BLUETOOTH_HCI_H4_WITH_PHDR (Bluetooth HCI UART transport layer plus pseudo-header),
capture size 65535 bytes
0 packets captured
62 packets received by filter
0 packets dropped by kernel
So the archivito file was empty, so I've tried:
tcpdump port 80And I've got this reply:tcpdump: Bluetooth link-layer type filtering not implemented
How may I get some output from tcpdump? I've read the man pages about this command, but couldn't understand why it's not working for me.
So, I then tried
sudo tcpdump -w archivito, and I've got this output:tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
It remains there for a while, but all I still get is
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Finally I tried
sudo tcpdump -i any, and it worked (it captured several packets). But why it worked ONLY when asking it to monitor in all interfaces?