rev.dennis 7 Posted December 29, 2020 Share Posted December 29, 2020 Tried to capture packets for a NAT address (192.168.2.0/24 is NAT Pool) for my VMWare Fusion session. When on my mac I ran the following command I'm getting some weird error messages. dennis$ sudo tcpdump -i any -v network 192.168.2.0/24 tcpdump: data link type PKTAP tcpdump: listening on any, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes pktap_filter_packet: pcap_add_if_info(en9, 1) failed: pcap_if_info_set_add: pcap_compile_nopcap() failed pktap_filter_packet: pcap_add_if_info(bridge100, 1) failed: pcap_if_info_set_add: pcap_compile_nopcap() failed pktap_filter_packet: pcap_add_if_info(en0, 1) failed: pcap_if_info_set_add: pcap_compile_nopcap() failed pktap_filter_packet: pcap_add_if_info(en0, 1) failed: pcap_if_info_set_add: pcap_compile_nopcap() failed pktap_filter_packet: pcap_add_if_info(bridge100, 1) failed: pcap_if_info_set_add: pcap_compile_nopcap() failed pktap_filter_packet: pcap_add_if_info(en9, 1) failed: pcap_if_info_set_add: pcap_compile_nopcap() failed pktap_filter_packet: pcap_add_if_info(en9, 1) failed: pcap_if_info_set_add: pcap_compile_nopcap() failed pktap_filter_packet: pcap_add_if_info(bridge100, 1) failed: pcap_if_info_set_add: pcap_compile_nopcap() failed pktap_filter_packet: pcap_add_if_info(en0, 1) failed: pcap_if_info_set_add: pcap_compile_nopcap() failed Anyone have any ideas? Link to post Share on other sites
rev.dennis 7 Posted December 29, 2020 Author Share Posted December 29, 2020 On a mac instead of doing ifconfig you can run networksetup like below to show all your interfaces and the assigned Mac-Address dennis$ networksetup -listallhardwareports Hardware Port: Wi-Fi Device: en0 Ethernet Address: 78:4f:43:8d:54:d8 Hardware Port: Bluetooth PAN Device: en6 Ethernet Address: 78:4f:43:90:0b:f0 Hardware Port: Thunderbolt 1 Device: en1 Ethernet Address: 82:dc:af:e0:cc:01 Hardware Port: Thunderbolt 2 Device: en2 Ethernet Address: 82:dc:af:e0:cc:00 Hardware Port: Thunderbolt 3 Device: en3 Ethernet Address: 82:dc:af:e0:cc:05 Hardware Port: Thunderbolt 4 Device: en4 Ethernet Address: 82:dc:af:e0:cc:04 Hardware Port: Thunderbolt Bridge Device: bridge0 Ethernet Address: 82:dc:af:e0:cc:01 VLAN Configurations =================== dennis$ Anyhow, it appears I just had a typo in my command using the whole word network instead of net like below dennis$ sudo tcpdump -i any -n net 192.168.2.0/24 tcpdump: data link type PKTAP tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes 12:38:26.702344 ARP, Request who-has 192.168.2.1 (7a:4f:43:d8:9d:64) tell 192.168.2.2, length 28 12:38:26.702350 ARP, Request who-has 192.168.2.1 (7a:4f:43:d8:9d:64) tell 192.168.2.2, length 28 12:38:26.702360 ARP, Reply 192.168.2.1 is-at 7a:4f:43:d8:9d:64, length 28 12:38:26.702362 ARP, Reply 192.168.2.1 is-at 7a:4f:43:d8:9d:64, length 28 Just kept plugging away. Link to post Share on other sites
Recommended Posts