public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Re: Packet sniffing broken recently?
From: walt @ 2011-12-29 15:29 UTC
  To: gentoo-user

On 12/29/2011 02:09 AM, Mick wrote:
> On Thursday 29 Dec 2011 07:10:19 Lubos Kolouch wrote:
>> walt, Wed, 28 Dec 2011 17:01:59 -0800:
>>> Sometime in the last month or so (when I wasn't looking) my ~x86 and
>>> ~amd64 machines quit working when I try to run wireshark or tcpdump,
>>> etc, but I don't know exactly when or why.  (My amd64 machine still
>>> sniffs packets normally.)
>>>
>>> I get this same error from any packet sniffing app:
>>>
>>> Can't open netlink socket 93:Protocol not supported
>>>
>>> Strace shows that this is the failing system call:
>>>
>>> socket(PF_NETLINK, SOCK_RAW, 12) = -1 EPROTONOSUPPORT (Protocol not
>>> supported)
>>>
>>> That makes me think of some missing kernel config that may have been
>>> added or modified in recent kernels, so I tried gentoo-sources-3.0.6
>>> (same as my working amd64 machine) with no joy.  Same error message.
>>>
>>> Have I missed some important gentoo bulletin about networking recently?
>>> Anyone have working packet sniffing on ~arch?
>>
>> Hi,
>>
>> If I remember correctly, I needed to set
>> Networking support ->  Networking options ->  Network packet filtering
>> framework (Netfilter) ->  Core Netfilter Configuration ->  Netfilter
>> connection tracking support
>>
>> It has been a while though, so it may be another option in the
>> netfilter config - just try it :)
>>
>> Lubos
>
> tcpdump-3.9.8-r1 and kernel-3.0.6-gentoo works fine here with no errors.

Thanks guys.  I enabled all of the netfilter stuff as modules, then ran
tcpdump.  Turns out that tcpdump loaded only the 'nfnetlink' module, which
makes good sense given my original 'NETLINK' error message.

This change appears to be somewhere in userland, though, not in the kernel
per se.  I copied the kernel .config file from my working amd64 machine
to the 'broken' ~amd64 machine and recompiled the kernel.

No improvement.  I had to enable the nfnetlink module to make packet sniffing
work again.  I suppose one of the networking packages changed in a recent ~arch
update.
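
[Added example, not part of walt's message or of the thread.] A small C probe that repeats the socket(PF_NETLINK, SOCK_RAW, 12) call from the strace output and maps the result to the fix reported above. Protocol 12 is NETLINK_NETFILTER in the kernel headers; the function names and the CONFIG_NETFILTER_NETLINK hint are assumptions added here.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef AF_NETLINK
#define AF_NETLINK 16            /* Linux value of PF_NETLINK */
#endif
#define NL_ROUTE      0          /* NETLINK_ROUTE: control case, normally present */
#define NL_NETFILTER 12          /* NETLINK_NETFILTER: the "12" in the strace line */

/* Repeat the failing call. Returns 0 if the kernel accepts the protocol,
 * otherwise the errno left by socket(). */
int probe_netlink(int proto)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, proto);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Turn a probe result into a hint about what to check next. */
const char *diagnose(int proto, int err)
{
    if (err == 0)
        return "supported";
    if (err == EPROTONOSUPPORT && proto == NL_NETFILTER)
        return "nfnetlink missing: enable CONFIG_NETFILTER_NETLINK or modprobe nfnetlink";
    if (err == EPROTONOSUPPORT)
        return "netlink family not registered in this kernel";
    if (err == EAFNOSUPPORT)
        return "kernel has no netlink support at all";
    return strerror(err);        /* e.g. EPERM inside a restricted sandbox */
}

int main(void)
{
    int protos[] = { NL_ROUTE, NL_NETFILTER };
    for (size_t i = 0; i < sizeof protos / sizeof protos[0]; i++) {
        int err = probe_netlink(protos[i]);
        printf("netlink protocol %2d: %s\n", protos[i], diagnose(protos[i], err));
    }
    return 0;
}
```

If protocol 0 is supported and protocol 12 is not, the kernel has netlink but neither has nfnetlink built in nor can load it as a module.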




2011-12-29  1:01     [gentoo-user] Packet sniffing broken recently? walt
2011-12-29  7:10     ` [gentoo-user] " Lubos Kolouch
2011-12-29 10:09       ` Mick
2011-12-29 15:29 99%     ` walt
