Tcpdump doesn't support interface names that start with a digit

book

Article ID: 167888

calendar_today

Updated On:

Products

XOS

Issue/Introduction

This article documents a generic tcpdump restriction related to interface names and provides instructions how to resolve this situation.There are two possible symptoms for this tcpdump issue:

1) The tcpdump command returns an index error:

fw_1 (CBS): ~# tcpdump -ni 20dmz
tcpdump: Invalid adapter index

2) Or tcpdump starts to capture packets on a seemingly random interface:

fw_1 (CBS): ~# tcpdump -ni 10dmz
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on sync, link-type EN10MB (Ethernet), capture size 96 bytes

In this example tcpdump started capture packets on circuit sync instead of 10dmz.

Cause

Tcpdump doesn't support interface names that start with a digit. If the interface argument given to tcpdump starts with a number (e.g. "-i 20dmz"), this number is treated as an index into the list of interfaces as reported by "tcpdump -D". Tcpdump tries to capture traffic on a circuit with that index number and fails if there is no such index.

Resolution

In order to resolve this issue in an XOS configuration, you can change the device names of the affected circuits so that no device name starts with a digit.


Workaround

To work around this issue and successfully start tcpdump, first run tcpdump -D to identify the index of the circuit and then run tcpdump using the index number instead of the circuit device-name. Here is an example for the circuit 20dmz:

fw_1 (CBS): ~# tcpdump -D
1.eth0
2.sdp0
3.vnd0
4.ext
5.int
6.eth1
7.sdp1
8.sdp2
9.sdp3
10.sync
11.10dmz
12.20dmz
13.30dmz
14.40dmz
15.50dmz

The identified index for circuit 20dmz is 12. We can run tcpdump using this index number: 

fw_1 (CBS): ~# tcpdump -ni 12
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 20dmz, link-type EN10MB (Ethernet), capture size 96 bytes
...