Ask Your Question
0

dumpcap vlan and pppoes and tcp on Ubuntu 20.04 not work

asked 2022-04-06 10:10:28 +0000

ripper gravatar image

updated 2022-04-06 10:37:05 +0000

Dear all Using ubuntu 20.04 to capture traffic which have : vlan and pppoes tag witch -f like below :

dumpcap -f "vlan and pppoes and tcp" - i enp7s0

The dumpcap reponse with warning and no packet captured

Warning: Kernel filter failed: Invalid argument

the packet look like this : image description

Does any one have solution for this ? Thank you so much

edit retag flag offensive close merge delete

Comments

Can you add the dumpcap -v and dumpcap -f "vlan and pppoes and tcp" -i enp7s0 -d output to the question?

Jaap gravatar imageJaap ( 2022-04-06 11:31:19 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-04-07 18:43:22 +0000

Guy Harris gravatar image

updated 2022-04-07 18:44:04 +0000

This is not a Wireshark issue.

I can reproduce this on my Ubuntu 20.04 VM with tcpdump:

$ sudo tcpdump -i ens33 "vlan and pppoes and tcp"
Warning: Kernel filter failed: Invalid argument
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
11 packets received by filter
0 packets dropped by kernel

Please file an issue on the libpcap issue list (and send a heartfelt "thank you!" to the Linux networking stack developers for the "extract VLAN tags from the packet and stuff them into skbuff metadata, so anything doing packet filtering and packet capture has to work around this packet mutilation" part of the kernel code).

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-04-06 10:10:28 +0000

Seen: 30 times

Last updated: Apr 07