All,

I'm running NetWare SLES 10 sp3 with OES2 sp2. I was working with the folks at Novell to resolve an iPrint Print Manager problem.

During the process they wanted to perform a packet capture using tcpdump. While logged in as the root user the error no suitable device was found, and I received no data at all. This server is running on a VMWare Center. On other SLES 10 sp3 systems (residing on that same VMWre Center), tcpdump captures packets just fine. I inherited all of these servers, so I wasn't here during the initial build, but I'd make the guess that they were configured similarly. On a Server that I built recently, tcpdump works fine. On two of my Servers it does not, and gives the mentioned error.

It's not that big a deal, otherwise the Servers are communicating and working just fine. But, I'd like to get it working just because it's supposed to work. Students are off for the summer, so I have time to play.

Any ideas will be welcomed.
thanks
Loren

What does /sbin/ifconfig show? Try providing the ethernet device explicitly for tcpdump.

At the console of the Server (logged in as root), the command:

tcpdump -i eth0

gives me this

tcpdump: socket: Address family not supported by protocol

ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:83:38:99
inet addr:xx.xxx.x.xx Bcast:xx.xxx.x.xxx Mask:xxx.xxx.xxx.xxx
inet6 addr: fe80::250:56ff:fe83:3899/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:139079063 errors:29 dropped:0 overruns:0 frame:0
TX packets:174106818 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:558671723 (532.7 Mb) TX bytes:327150160 (311.9 Mb)
Interrupt:177 Base address:0x1400

eth1 Link encap:Ethernet HWaddr 00:50:56:83:00:15
inet addr:xx.xxx.xx.xx Bcast:xx.xxx.xx.xxx Mask:xxx.xxx.xxx.xxx
inet6 addr: fe80::250:56ff:fe83:15/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12375528 errors:53 dropped:1 overruns:0 frame:0
TX packets:22958715 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3516426710 (3353.5 Mb) TX bytes:4262922976 (4065.4 Mb)
Interrupt:185 Base address:0x1480

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2541413 errors:0 dropped:0 overruns:0 frame:0
TX packets:2541413 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2110657027 (2012.8 Mb) TX bytes:2110657027 (2012.8 Mb)

Note: IPv6 support is disabled in all adapters

Loren

My WAG is something is funky with the way the VM was set up. Check its ethernet device settings closely, and compare against a VM where tcpdump works normally. (Maybe in one case you bridged ethernet devices, and in another case you use NAT... for example.)

Your kernel maybe do not have CONFIG_PACKET enabled. Without it you cannot run tcpdump. Try run "modprobe packet" as root and hope it exists as a module.

The modprobe packet command on a broke system and a working system both returned the no module found answer (or something like that).

This morning, as I was checking for newly released patches from Novell's site, I saw some new ones, installed them to all my Servers, and now tcpdump works like it ought to. So, maybe the installation of one of the patches "fixed" whatever was causing it not to work.