On Fri, Jun 16, 2000 at 02:26:19PM -0600, Patrick Higgins wrote:
> How does one sniff the loopback device on Solaris 7?
Alas, one doesn't, not even with Sun's own "snoop" program:
# uname -sr
SunOS 5.7
# ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
inet 127.0.0.1 netmask ff000000
iprb0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet XXX.XXX.XXX.XXX netmask ffffff00 broadcast XXX.XXX.XXX.255
ether XX:XX:XX:XX:XX:XX
# snoop -d iprb0
Using device /dev/iprb (promiscuous mode)
...
^C# snoop -d lo0
snoop: /dev/lo: No such file or directory
> The capture->start
> dialog shows only the hme0 interface, and if I try to manually enter lo0,
> it complains that it can't open /dev/lo0, because it doesn't exist. It
> seems that this is a problem with libpcap.
No, it's a problem with SunOS 5.x; libpcap is actually trying to open
"/dev/lo" (the "/dev/lo0" in the message refers to the "lo0" argument
handed to libpcap, not to the particular device opened in the libpcap
implementation used on SunOS 5.x and other OSes that use DLPI for raw
packet access), but there isn't such a device because, for better or
worse, it appears that the loopback device simply doesn't offer the
ability for user-mode programs to open it and get at raw packets via the
DLPI interface (and, as far as I know, there is no other interface
available).
snoop tries to open the same device, and fails for the same reason;
libpcap can't work around that deficiency in the underlying OS.