On Oct 9, 2009, at 1:53 PM, Tillmann Werner wrote:

No, but it sounds like you are using Linux and your kernel's raw socket
interface does not support PF_PACKET.

Nope. That message comes if a setsockopt(fd, SOL_PACKET, PACKET_RX_RING, ...) fails on a PF_PACKET socket FD - if the kernel doesn't support PF_PACKET, that socket FD wouldn't exist and it wouldn't even *try* to create the ring buffer.

That error is ENOPROTOOPT, which means that memory-mapped capture isn't supported by the kernel; unfortunately, libpcap 1.0.0 doesn't fall back on non-memory-mapped capture in that case. (Current top-of- Git-tree libpcap does.)

To get memory-mapped capture support, configure the kernel with CONFIG_PACKET_MMAP.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Reply via email to