I'm trying to monitor what's going on in my network, so I've tried tcpdump command. I'm just learning to use it, so I thought on playing around a little bit with it.
My problem is that I cannot capture any packet using just tcpdump without any parameters.
when I type tcpdump, I get this answer:
tcpdump: packet printing is not supported for link type
BLUETOOTH_HCI_H4_WITH_PHDR: use -w
So I tried tcpdump: tcpdump -w archivito And I've got this:
listening on bluetooth0, link-type BLUETOOTH_HCI_H4_WITH_PHDR
(Bluetooth HCI UART transport layer plus pseudo-header),capture size 65535 bytes
0 packets captured
62 packets received by filter
0 packets dropped by kernel
So the archivito file was empty, so I've tried: tcpdump port 80 And I've got this reply:
tcpdump: Bluetooth link-layer type filtering not implemented
How may I get some output from tcpdump? I've read the man pages about this command, but couldn't understand why it's not working for me.
So, I then tried sudo tcpdump -w archivito, and I've got this output:
tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: listening on
eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
It remains there for a while, but all I still get is
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Finally I tried sudo tcpdump -i any, and it worked (it captured several packets). But why it worked ONLY when asking it to monitor in all interfaces?
Best Answer
As per the
tcpdumpman page:So, looking at your output, seems that the first available interface is
bluetooth0which does not allow packet printing, and thus the error.However, if specifying the
-iflag toany, you're picking up any available interface that allows packet printing and that's why it works in this case.