tcpdump error message "That device doesn't support monitor mode"

WilderField picture WilderField · Sep 10, 2017 · Viewed 10.9k times · Source

Running Linux on a Xilinx ZCU102 development board. When using a 1000BASE-X & Tri-Mode Ethernet Mac. I can send pings out of the Ethernet port, but when I run tcpdump to try and show that packets are coming into the system... I get a strange error from tcpdump.

tcpdump -I eth1
tcpdump: eth1: That device doesn't support monitor mode

Curious if anyone has any insight on this error message from tcpdump.

How does tcpdump know if the device supports monitor mode? Does it look for something in the eth1 device node in the device tree?

Answer

MrCryo picture MrCryo · Sep 15, 2017

Use the '-i' option for non-"IEEE 802.11" interface:

tcpdump -i eth0

If you want to filter a specific data link type, run tcpdump -L -i eth0 to get the list of supported types and use a needed type like tcpdump -y EN1000MB -i eth0.