Wireshark-users: Re: [Wireshark-users] Gtk-WARNING **: cannot open display:
From: "Robert D." <[email protected]>
Date: Tue, 13 Feb 2007 16:05:50 -0500
Guy Harris said the following:

> What does "ls -l /dev/bpf*" in a Terminal window print?

Zork:~ rd$ ls -l /dev/bpf*
crw-r--r--   1 root  wheel   23,   0 Feb 13 15:57 /dev/bpf0
crw-r--r--   1 root  wheel   23,   1 Feb 13 15:57 /dev/bpf1
crw-r--r--   1 root  wheel   23,   2 Feb 13 15:57 /dev/bpf2
crw-r--r--   1 root  wheel   23,   3 Feb 13 15:57 /dev/bpf3



> What happens if you do
> 
> 	tcpdump -i en0

Zork:~ rd$ tcpdump -i en0
tcpdump: WARNING: en0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes


Zork:~ rd$ tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes

and a whole lot of traffic, DNS lookups, and general Internet packets
that I am looking for. <ctrl-C> stopped them.