Bug#2857: tcpdump doesn't recognize the dummy device
Package: tcpdump
Version: 3.0.3-4
tcpdump, as the transcript below shows, doesn't recognize the `dummy'
network device.
# tcpdump
tcpdump: pcap_open_live (pcap-linux.c): unknown device dummy
# tcpdump -i sl0
tcpdump: listening on sl0
01:06:46.206181 sfere.elmail.co.uk.40005 > valour.pem.cam.ac.uk.ftp-data: . ack 3003000712 win 13140 [tos 0x8]
[...]
# ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:570 errors:0 dropped:0 overruns:0
TX packets:570 errors:0 dropped:0 overruns:0
dummy Link encap:10Mbps Ethernet HWaddr 00:00:00:00:00:00
inet addr:193.116.29.15 Bcast:193.116.29.255 Mask:255.255.255.0
UP BROADCAST RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0
TX packets:0 errors:0 dropped:0 overruns:0
sl0 Link encap:Serial Line IP
inet addr:193.116.29.15 P-t-P:193.122.233.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0
TX packets:37983 errors:0 dropped:0 overruns:0
ppp0 Link encap:Point-Point Protocol
inet addr:193.116.29.15 P-t-P:193.122.233.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:4466 errors:0 dropped:0 overruns:0
TX packets:6329 errors:0 dropped:0 overruns:0
This behaviour may be clarified by the following part of the man page:
-i Listen on interface. If unspecified, tcpdump
searches the system interface list for the lowest
numbered, configured up interface (excluding loop-
back). Ties are broken by choosing the earliest
match.
Since dummy is about as interesting to snoop as the loopback, it
should probably be treated the same.
--
Richard Kettlewell
richard@elmail.co.uk http://www.elmail.co.uk/staff/richard/
Reply to: