On Oct 9, 2009, at 1:53 PM, Tillmann Werner wrote:
No, but it sounds like you are using Linux and your kernel's raw
socket
interface does not support PF_PACKET.
Nope. That message comes if a setsockopt(fd, SOL_PACKET,
PACKET_RX_RING, ...) fails on a PF_PACKET socket FD - if the kernel
doesn't support PF_PACKET, that socket FD wouldn't exist and it
wouldn't even *try* to create the ring buffer.
That error is ENOPROTOOPT, which means that memory-mapped capture
isn't supported by the kernel; unfortunately, libpcap 1.0.0 doesn't
fall back on non-memory-mapped capture in that case. (Current top-of-
Git-tree libpcap does.)
To get memory-mapped capture support, configure the kernel with
CONFIG_PACKET_MMAP.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
