From: walt <w41ter@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Packet sniffing broken recently?
Date: Thu, 29 Dec 2011 07:29:51 -0800 [thread overview]
Message-ID: <jdi11h$6up$1@dough.gmane.org> (raw)
In-Reply-To: <201112291009.47532.michaelkintzios@gmail.com>
On 12/29/2011 02:09 AM, Mick wrote:
> On Thursday 29 Dec 2011 07:10:19 Lubos Kolouch wrote:
>> walt, Wed, 28 Dec 2011 17:01:59 -0800:
>>> Sometime in the last month or so (when I wasn't looking) my ~x86 and
>>> ~amd64 machines quit working when I try to run wireshark or tcpdump,
>>> etc, but I don't know exactly when or why. (My amd64 machine still
>>> sniffs packets normally.)
>>>
>>> I get this same error from any packet sniffing app:
>>>
>>> Can't open netlink socket 93:Protocol not supported
>>>
>>> Strace shows that this is the failing system call:
>>>
>>> socket(PF_NETLINK, SOCK_RAW, 12) = -1 EPROTONOSUPPORT (Protocol not
>>> supported)
>>>
>>> That makes me think of some missing kernel config that may have been
>>> added or modified in recent kernels, so I tried gentoo-sources-3.0.6
>>> (same as my working amd64 machine) with no joy. Same error message.
>>>
>>> Have I missed some important gentoo bulletin about networking recently?
>>> Anyone have working packet sniffing on ~arch?
>>
>> Hi,
>>
>> If I remember correctly, I needed to set
>> Networking support -> Networking options -> Network packet filtering
>> framework (Netfilter) -> Core Netfilter Configuration -> Netfilter
>> connection tracking support
>>
>> It has been a while though, so it may be another option in the
>> netfilter config - just try it :)
>>
>> Lubos
>
> tcpdump-3.9.8-r1 and kernel-3.0.6-gentoo works fine here with no errors.
Thanks guys. I enabled all of the netfilter stuff as modules, then ran
tcpdump. Turns out that tcpdump loaded only the 'nfnetlink' module, which
makes good sense given my original 'NETLINK' error message.
This change appears to be somewhere in userland, though, not in the kernel
per se. I copied the kernel .config file from my working amd64 machine
to the 'broken' ~amd64 machine and recompiled the kernel.
No improvement. I had to enable the nfnetlink module to make packet sniffing
work again. I suppose one of the networking packages changed in a recent ~arch
update.
next prev parent reply other threads:[~2011-12-29 15:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-29 1:01 [gentoo-user] Packet sniffing broken recently? walt
2011-12-29 7:10 ` [gentoo-user] " Lubos Kolouch
2011-12-29 10:09 ` Mick
2011-12-29 15:29 ` walt [this message]
2011-12-29 16:09 ` Holger Hoffstaette
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='jdi11h$6up$1@dough.gmane.org' \
--to=w41ter@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox