First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

dumpcap vlan and pppoes and tcp on Ubuntu 20.04 not work

  • retag add tags

Dear all Using ubuntu 20.04 to capture traffic which have : vlan and pppoes tag witch -f like below :

dumpcap -f "vlan and pppoes and tcp" - i enp7s0

The dumpcap reponse with warning and no packet captured 

Warning: Kernel filter failed: Invalid argument

the packet look like this : image description

Does any one have solution for this ? Thank you so much

ripper's avatar
13
ripper
asked 2022-04-06 10:10:28 +0000, updated 2022-04-06 10:37:05 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Can you add the dumpcap -v and dumpcap -f "vlan and pppoes and tcp" -i enp7s0 -d output to the question?

Jaap's avatar Jaap (2022-04-06 11:31:19 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

This is not a Wireshark issue.

I can reproduce this on my Ubuntu 20.04 VM with tcpdump:

$ sudo tcpdump -i ens33 "vlan and pppoes and tcp"
Warning: Kernel filter failed: Invalid argument
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
11 packets received by filter
0 packets dropped by kernel

Please file an issue on the libpcap issue list (and send a heartfelt "thank you!" to the Linux networking stack developers for the "extract VLAN tags from the packet and stuff them into skbuff metadata, so anything doing packet filtering and packet capture has to work around this packet mutilation" part of the kernel code).

Guy Harris's avatar
19.9k
Guy Harris
answered 2022-04-07 18:43:22 +0000, updated 2022-04-07 18:44:04 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer