tcpdump unknown device

Question

I am trying to run tcpdum on Solaris 10 as root user.
I always get unknown device - even though I am using the name provided by

ifconfig -a

How can I find out the right device name?

Can you post the results you are getting from the ifconfig -a command and the exact tcpdump command you are using? — MaQleod, Mar 09 '11 at 06:39

score 1 · Accepted Answer · answered Mar 09 '11 at 07:00

1

Use snoop in Solaris, instead of tcpdump. The interfaces that are plumbed can be listed with ifconfig -a. The unplumbed interfaces should be listed by dmesg.

answered Mar 09 '11 at 07:00

Mircea Vutcovici

16,706
4
52
80

score 0 · Answer 2 · answered Mar 09 '11 at 06:45

I have a solaris box here, but no root access or tcpdump to test. However on my Linux box, i get the interface name from ifconfig which returns something like.

$ ifconfig -a

eth2    Link encap:Ethernet  HWaddr blah
        blah 
        blah

lo      Link enca:Local loopback
        blah 
        blah

Then feeding this into tcpdump gives:-

$ tcpdump -i eth2
verbose output suppressed
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes

What's your actual output from ifconfig -a?

tcpdump unknown device

2 Answers2