LMS 3.1: Packet Capture utility issue

Answered Question
Oct 27th, 2009
User Badges:
  • Gold, 750 points or more

I received the following error after "Create" through either the Device Center or directly at http://ciscoworks:1741/cwhp/PacketCapture.do.


"WinPcap Problem


There are no available interfaces from which to capture the data.


Note: This tool only works with Ethernet interfaces."


I had used the tool successfully before, though I don't recall whether that's before or after migrating from LMS 2.6 on Sol 8 to LMS 3.1 on Sol 10 with IPMP. Is WinPcap used even on Solaris?


Correct Answer by Joe Clarke about 7 years 6 months ago

See attached.



Correct Answer by Joe Clarke about 7 years 6 months ago

No. jet is not setuid root. Do a chown root /opt/CSCOpx/objects/jet/bin/jet, then try it.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Joe Clarke Tue, 10/27/2009 - 07:24
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No. JET can operate directly on kernel APIs. The key is that /opt/CSCOpx/objects/jet/bin/jet must be setuid root. That said, I never did any testing on IPMP. There may be an incompatibility with the old ethereal binary I am using and IPMP. If jet is setuid root, running /opt/CSCOpx/objects/jet/bin/jet -D will indicate if it finds any interfaces.


Note: JET will not work in a non-global zone by default. In order to allow packet capturing in a non-global zone, see this blog:


http://blogs.sun.com/gbrunett/entry/i_see_you_snoop_1m

yjdabear Tue, 10/27/2009 - 07:28
User Badges:
  • Gold, 750 points or more

No Solaris zone on the LMS server here. IPMP may be the culprit then?


ls -al /opt/CSCOpx/objects/jet/bin/jet

-rwsr-x--- 1 casuser casusers 4728044 Jun 15 2008 /opt/CSCOpx/objects/jet/bin/jet


/opt/CSCOpx/objects/jet/bin/jet -D

tethereal: There are no interfaces on which a capture can be done


Correct Answer
Joe Clarke Tue, 10/27/2009 - 07:31
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No. jet is not setuid root. Do a chown root /opt/CSCOpx/objects/jet/bin/jet, then try it.

yjdabear Tue, 10/27/2009 - 07:42
User Badges:
  • Gold, 750 points or more

Will do.


Should the jet binary be installed as setuid root by default? If not, how did it manage to function before, with or without IPMP in the picture?

Joe Clarke Tue, 10/27/2009 - 07:45
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Yes, and it is. Someone must have changed it. Note: there are a few setuid binaries installed by LMS. If someone did a wholesale chown, things will certainly break.

yjdabear Tue, 10/27/2009 - 07:56
User Badges:
  • Gold, 750 points or more

Arghh, that rings a bell: I had done a mass "find . -group 9999992 -print | xargs chown -h casuser:casusers" because Sol 10 didn't update file ownership after casuser:casusers' uid/gid numbers got changed manually.


Could you post a list of what other specific binaries might have gotten the wrong UID/GID due to the above? Thanks!

Joe Clarke Tue, 10/27/2009 - 08:12
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The following are on my Solaris 10 server:


./.odbc.ini.orig

./.sqlanywhere10/diagnostics/sadiags.xml

./.sqlanywhere10/sasrv.ini

./MDC/Apache/conf/hashLockXYai5f

./MDC/Apache/conf/hashLockYYai5f

./MDC/Apache/logs/apache_runtime_status

./MDC/Apache/logs/httpd.pid

./MDC/tomcat/webapps/cwportal/WEB-INF/screens/portal/view/AlertsSummary.jsp.orig

./MDC/tomcat/webapps/rme/WEB-INF/classes/uii.properties

./MDC/tomcat/webapps/upm/WEB-INF/classes/log4j-ogs.properties

./backup/manifest/dfm/server/Systemfile.txt

./bin/ChangeOSAGENTPort.pl

./bin/ServicesUpdate.exe

./bin/cwrcp

./bin/dcrcli

./bin/dcrcli.orig

./bin/fping

./bin/fping6

./bin/traceroute

./bin/unixLogin.sol

./bin/wrapLogrot

./campus/bin/UTPing

./campus/bin/UTXPing

./conf/csdiscovery/g.xml

./conf/efw/EventHandlers.conf

./conf/inetd.conf.added

./databases/rmeng/orig/odbc.tmpl.back

./lib/librocksaw.so

./log/conf/ddv.logConf

./log/conf/redis.logConf

./log/conf/vi.logConf

./log/conf/vi1.logConf

./log/conf/vic.logConf

./log/conf/vic1.logConf

./log/conf/vpta.logConf

./log/conf/vpta1.logConf

./log/schema.log

./objects/dmgt/DFMPing.txt

./objects/dmgt/ssg.txt

./objects/dmgt/ssg1.txt

./objects/jet/bin/jet

./objects/smarts/bin/system/sm_logerror

./objects/smarts/conf/SMARTS.licserv

./objects/smarts/local/conf/runcmd_env.sh

./objects/smarts/local/logs/DFM.log

./objects/smarts/local/logs/DFM.log.014

./objects/smarts/local/logs/DFM.log.015

./objects/smarts/local/logs/DFM.log.016

./objects/smarts/local/logs/DFM.log.bak

./objects/smarts/local/logs/DFM1.log

./objects/smarts/local/logs/DFM1.log.014

./objects/smarts/local/logs/DFM1.log.015

./objects/smarts/local/logs/DFM1.log.016

./objects/smarts/local/logs/DFM1.log.bak

./objects/smarts/local/repos/icf/DFM.rps

./objects/smarts/local/repos/icf/DFM1.rps

./objects/wfengine/program/Provisioneer.cfg


yjdabear Tue, 10/27/2009 - 08:24
User Badges:
  • Gold, 750 points or more

To be sure, their UID should be root. But what about the GID? casusers or sys, or something else? Thanks for your patience.

Actions

This Discussion