Re: tcpdump in testing busted?
On Wed, 24 Oct 2001, Ard van Breemen wrote:
> > # tcpdump port ssh
> > tcpdump: parse error
> ard@c24574:/net/home/ard$ sudo /usr/sbin/tcpdump port ssh
> tcpdump: listening on eth0
> Version:
> ii tcpdump 3.6.2-2 A powerful tool for network monitoring and data ac
> ii libpcap0 0.6.2-2 System interface for user-level packet capture.
Snap!
I also have:
$ ldd /usr/sbin/tcpdump
libpcap.so.0 => /usr/lib/libpcap.so.0 (0x40019000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40034000)
libc.so.6 => /lib/libc.so.6 (0x40049000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
$ md5sum /usr/sbin/tcpdump /usr/lib/libpcap.so.0.6.2
38b93c300cb6434f3cd3c2f96eab6be5 /usr/sbin/tcpdump
ce2ffa288065c052929662997d5b32e5 /usr/lib/libpcap.so.0.6.2
My nsswitch.conf and /etc/services are untouched since installation.
Relevant bits of ltrace output:
pcap_open_live("eth1", 96, 1, 1000, 0xbffff96c) = 0x08140418
pcap_snapshot(0x08140418) = 96
pcap_lookupnet("eth1", 0xbffff960, 0xbffff964, 0xbffff96c) = 0
getuid() = 0
setuid(0) = 0
malloc(8) = 0x0813fde8
pcap_compile(0x08140418, 0xbffff958, "port 22", 1, 0xf8ffffff) = -1
pcap_geterr(0x08140418, 1, 0xf8ffffff, 0xbffff960, 0xbffff964) = 0x081404a4
Curiouser and curiouser...
Thanks,
Matthew.
Reply to: