Solved ipfw0: That device doesn't support promiscuous mode

xoptov

New Member


Messages: 2

Hello!
I have very strange issue with ipfw0. My kernel has options IPFIREWALL and IPFIREWALL_VERBOSE but when I try listen ipfw0 interface see warning in my console:

Code:
tcpdump: WARNING: ipfw0: That device doesn't support promiscuous mode
(BIOCPROMISC: Invalid argument)
What is I can fix for ability to listen ipfw0 via tcpdump(1)?
 

phoenix

Administrator
Staff member
Administrator
Moderator

Reaction score: 1,259
Messages: 4,099

What version of FreeBSD? Works for me on 9.2:
Code:
$ sudo sysctl net.inet.ip.fw.verbose=0
Password:
net.inet.ip.fw.verbose: 1 -> 0

$ sudo tcpdump -n -i ipfw0
tcpdump: WARNING: ipfw0: That device doesn't support promiscuous mode
(BIOCPROMISC: Invalid argument)
tcpdump: WARNING: ipfw0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipfw0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:04:36.266714 IP 10.30.237.21.58727 > 66.235.122.103.443: Flags [R], seq 3729067578, win 0, length 0
15:04:36.266742 IP 10.30.237.21.58727 > 66.235.122.103.443: Flags [R], seq 3729067578, win 0, length 0
15:04:37.159739 IP 10.30.244.184.55157 > 209.121.139.138.80: Flags [F.], seq 3759584431, ack 2188719918, win 8192, options [nop,nop,TS val 411635932 ecr 1620793265], length 0
^C
17 packets captured
18 packets received by filter
0 packets dropped by kernel

$ sudo sysctl net.inet.ip.fw.verbose=1
net.inet.ip.fw.verbose: 0 -> 1

$ sudo tcpdump -n -i ipfw0           
tcpdump: WARNING: ipfw0: That device doesn't support promiscuous mode
(BIOCPROMISC: Invalid argument)
tcpdump: WARNING: ipfw0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipfw0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Note: if net.inet.ip.fw.verbose is enabled, then all the logged packet information goes to syslogd(8) (where it is written to /var/log/security by default) and nothing will appear in the tcpdump output of ipfw0. When that sysctl is disabled, then all the logged packet information is directed to the ipfw0 interface (and nothing is logged to disk).
 
OP
OP
xoptov

xoptov

New Member


Messages: 2

I just decided what ipfw0 must support promiscuous mode but I mistaking think so :)
 

phoenix

Administrator
Staff member
Administrator
Moderator

Reaction score: 1,259
Messages: 4,099

You can also try adding -p to the tcpdump(1) command. That will run the trace without putting the interface into promiscuous mode.
 
Top