[dnscap-users] dnscap pcap_thread libpcap error - generic error
Jerry Lundström
jerry at dns-oarc.net
Tue Apr 23 13:13:52 UTC 2019
Hi Josh,
On 4/16/19 9:00 PM, Josh Luthman wrote:
> *# dnscap -g*
> dnscap: pcap_thread libpcap error [-1]: Generic error (pcap_compile())
I've just verified this on my CentOS 7.6 test platform and I think it's
something to do with that you didn't pick interface, if I run the same
bpf using tcpdump it gives:
# tcpdump '( ( ( ( udp port 53 and udp[10] & 0x78 = 0 and ( udp[10] &
0x2 = 0x2 or 0x2 << (udp[11] & 0xf) & 0xffffffff != 0 ) ) ) ) )'
tcpdump: NFLOG link-layer type filtering not implemented
But everything works if I specify the interface:
# ./dnscap -i ens3 -g -ddddd
dnscap: version 1.10.0
dnscap: msg Q.., side IR, hide .., err NYtfsxir, t 0, c 0, C 0
dnscap: "( ( ( ( udp port 53 and udp[10] & 0x78 = 0 and ( udp[10] & 0x2
= 0x2 or 0x2 << (udp[11] & 0xf) & 0xffffffff != 0 ) ) ) ) )"
^Cdnscap: signalled break
Try with the interface on your system that you want to capture on.
Cheers,
Jerry
More information about the dnscap-users
mailing list