On Wed, May 22, 2002 at 10:40:25PM +0800, Anand B wrote:
> Excellent!! It worked !! I downloaded libpcap 0.7.1 source; built it with
> bpf and then built ethereal 0.9.4 using libpcap 0.7.1 and hurray - ethereal
> can capture outgoing packets as well.
Cool.
Unfortunately, the other guy who had problems with outgoing packets on
AIX 4.3.3 when using libpcap-with-DLPI, Luke McKenna, reported, when
*he* tried libpcap-with-BPF:
Ok, I've done that.
But now I cannot get tcpdump/ethereal to run.
with tcpdump when I try
"tcpdump -i en0", I get:
"tcpdump: BIOCSETIF: en0: File exists"
which looked similar to a problem somebody had with *AIX's* tcpdump
(presumably using IBM's own code to use BPF):
http://www.ethereal.com/lists/ethereal-dev/199911/msg00171.html
where it printed
# tcpdump
tcpdump: BIOCSETIF: en0: Do not specify an existing file.
(which looks as if it's a fancier version of "File exists"; perhaps
AIX's tcpdump sets the locale, and in the C locale the error for EEXIST
is "File exists" while in various en_{pick your country that speaks some
derivative of the Queen's English} locales it's "Do not specify an
existing file").
When Luke tried AIX's tcpdump, it wasn't all that great either:
With the tcpdump that comes with aix I just typed "tcpdump"
and it started going (but only seeing incoming packets).
so perhaps one of the problems is that AIX's BPF sometimes just acts
strangely. (Perhaps EEXIST means somebody else has already started
sniffing on that device, although BSD's BPF appears not to have a
problem with multiple processes snooping on the same network device, and
EBUSY would have been the right error to return even if AIX's internals
make it impossible to have multiple processes snooping on the same
network device.)