path: root/README.linux
diff options
authorGuy Harris <guy@alum.mit.edu>2000-02-19 21:44:13 +0000
committerGuy Harris <guy@alum.mit.edu>2000-02-19 21:44:13 +0000
commit2ed6a9bb5df6876a98c8495f50625b844cbb3ffd (patch)
tree615b091ad6d58da11ad8e0d5a6ad87182a3a77b6 /README.linux
parent44a7c1ec31a30d86770b369879e6d080913e6402 (diff)
Put in a note about enabling the Packet protocol; if it's not enabled on
a Linux kernel, network analysis programs such as tcpdump or Ethereal/Tethereal won't be able to capture packets. svn path=/trunk/; revision=1652
Diffstat (limited to 'README.linux')
1 files changed, 28 insertions, 4 deletions
diff --git a/README.linux b/README.linux
index ea6d125..c11af48 100644
--- a/README.linux
+++ b/README.linux
@@ -1,7 +1,31 @@
-$Id: README.linux,v 1.5 2000/02/01 21:52:22 guy Exp $
+$Id: README.linux,v 1.6 2000/02/19 21:44:13 guy Exp $
-The standard libpcap compiled for Linux has a timeout problem; it
-doesn't support the timeout argument to "pcap_open_live()".
+In order to capture packets (with Ethereal/Tethereal, tcpdump, or any
+other packet capture program) on a Linux system, the "packet" protocol
+must be supported by your kernel. If it is not, you may get error
+messages such as
+ modprobe: can't locate module net-pf-17
+in "/var/adm/messages". The following note is from the Linux
+"Configure.help" file:
+ Packet socket
+ The Packet protocol is used by applications which communicate
+ directly with network devices without an intermediate network
+ protocol implemented in the kernel, e.g. tcpdump. If you want them
+ to work, choose Y.
+ This driver is also available as a module called af_packet.o ( =
+ code which can be inserted in and removed from the running kernel
+ whenever you want). If you want to compile it as a module, say M
+ here and read Documentation/modules.txt; if you use modprobe or
+ kmod, you may also want to add "alias net-pf-17 af_packet" to
+ /etc/modules.conf.
+In addition, the standard libpcap compiled for Linux has a timeout
+problem; it doesn't support the timeout argument to "pcap_open_live()".
The current version of Ethereal attempts to work around this, so its GUI
shouldn't freeze when capturing on a not-so-busy network. If its GUI
@@ -13,7 +37,7 @@ The current version of Ethereal should work with versions of libpcap
that have been patched to fix the timeout problem, as well as working
with unpatched versions.
-An additional problem, on Linux, with current versions of libpcap is
+An additional problem, on Linux, with current versions of libpcap, is
that capture filters do not work when snooping loopback devices; if
you're capturing on a Linux loopback device, do not use a capture
filter, as it will probably reject most if not all packets, including