On Wed, Apr 30, 2008 at 5:37 PM, Guy Harris <
guy@xxxxxxxxxxxx> wrote:
On Apr 28, 2008, at 3:47 PM, Jim McNamara wrote:
Hello all. I've taken some time to search your list archives, and didn't easily find what I was looking for. I have a brand new HP dv9820us laptop. The ethernet card is built in, and the whole motherboard has the nvidia chipset. I'm running Debian Sid with the 2.6.24-1 kernel which was part of the default Debian install. The installer found the ethernet card without issue, and correctly inserts the 'forcedeth' module to use it. The card works fine for generic activities like wired internet access, but neither the tcpdump software nor wireshark sees the card as a possible interface.
...which means this isn't a Wireshark issue, it's either a libpcap issue or a Linux issue.
I forgot to include the libpcap info - here it is:
jim@jimslaptop:~$ dpkg --list|grep libpcap
ii libpcap0.7 0.7.2-9 System interface for user-level packet captu
ii libpcap0.8 0.9.8-3 system interface for user-level packet captu
ii libpcap0.8-dev 0.9.8-3 development library and header files for lib
tcpdump:
jimslaptop:/home/jim# tcpdump -ieth0
tcpdump: bind: Network is down
wireshark (as root):
The capture session could not be initiated (bind: Network is down).
Linux issue.
Does "ifconfig eth0" report that the interface is up?
jim@jimslaptop:~$ /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:1e:68:2f:f8:1b
inet addr:
192.168.68.118 Bcast:
192.168.68.255 Mask:
255.255.255.0
inet6 addr: fe80::21e:68ff:fe2f:f81b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13990 errors:0 dropped:0 overruns:0 frame:0
TX packets:9703 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16263328 (15.5 MiB) TX bytes:1227641 (1.1 MiB)
Interrupt:252 Base address:0x6000
If so, this is some mysterious Linux networking stack weirdness wherein said networking stack is using a definition of "down" with which I was not previously acquainted.
If not, presumably you have to configure the interface "up" before you can capture on it.
Debian Sid had a new version of wireshark hit the repositories between when I posted and when you replied. I didn't notice any difference in the libpcap or tcpdump files, but I did see a new version of wireshark being installed. Now wireshark works, and so does tcpdump.
Sorry to have wasted this list's time with something that was completely outside your control.
Peace and Thanks,
Jim