LMS 3.1: Packet Capture utility issue

Answered Question
Oct 27th, 2009

I received the following error after "Create" through either the Device Center or directly at http://ciscoworks:1741/cwhp/PacketCapture.do.

"WinPcap Problem

There are no available interfaces from which to capture the data.

Note: This tool only works with Ethernet interfaces."

I had used the tool successfully before, though I don't recall whether that's before or after migrating from LMS 2.6 on Sol 8 to LMS 3.1 on Sol 10 with IPMP. Is WinPcap used even on Solaris?

I have this problem too.
0 votes
Correct Answer by Joe Clarke about 7 years 1 month ago

See attached.

Correct Answer by Joe Clarke about 7 years 1 month ago

No. jet is not setuid root. Do a chown root /opt/CSCOpx/objects/jet/bin/jet, then try it.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Joe Clarke Tue, 10/27/2009 - 07:24

No. JET can operate directly on kernel APIs. The key is that /opt/CSCOpx/objects/jet/bin/jet must be setuid root. That said, I never did any testing on IPMP. There may be an incompatibility with the old ethereal binary I am using and IPMP. If jet is setuid root, running /opt/CSCOpx/objects/jet/bin/jet -D will indicate if it finds any interfaces.

Note: JET will not work in a non-global zone by default. In order to allow packet capturing in a non-global zone, see this blog:

http://blogs.sun.com/gbrunett/entry/i_see_you_snoop_1m

yjdabear Tue, 10/27/2009 - 07:28

No Solaris zone on the LMS server here. IPMP may be the culprit then?

ls -al /opt/CSCOpx/objects/jet/bin/jet

-rwsr-x--- 1 casuser casusers 4728044 Jun 15 2008 /opt/CSCOpx/objects/jet/bin/jet

/opt/CSCOpx/objects/jet/bin/jet -D

tethereal: There are no interfaces on which a capture can be done

Correct Answer
Joe Clarke Tue, 10/27/2009 - 07:31

No. jet is not setuid root. Do a chown root /opt/CSCOpx/objects/jet/bin/jet, then try it.

yjdabear Tue, 10/27/2009 - 07:42

Will do.

Should the jet binary be installed as setuid root by default? If not, how did it manage to function before, with or without IPMP in the picture?

Joe Clarke Tue, 10/27/2009 - 07:45

Yes, and it is. Someone must have changed it. Note: there are a few setuid binaries installed by LMS. If someone did a wholesale chown, things will certainly break.

yjdabear Tue, 10/27/2009 - 07:56

Arghh, that rings a bell: I had done a mass "find . -group 9999992 -print | xargs chown -h casuser:casusers" because Sol 10 didn't update file ownership after casuser:casusers' uid/gid numbers got changed manually.

Could you post a list of what other specific binaries might have gotten the wrong UID/GID due to the above? Thanks!

Joe Clarke Tue, 10/27/2009 - 08:12

The following are on my Solaris 10 server:

./.odbc.ini.orig

./.sqlanywhere10/diagnostics/sadiags.xml

./.sqlanywhere10/sasrv.ini

./MDC/Apache/conf/hashLockXYai5f

./MDC/Apache/conf/hashLockYYai5f

./MDC/Apache/logs/apache_runtime_status

./MDC/Apache/logs/httpd.pid

./MDC/tomcat/webapps/cwportal/WEB-INF/screens/portal/view/AlertsSummary.jsp.orig

./MDC/tomcat/webapps/rme/WEB-INF/classes/uii.properties

./MDC/tomcat/webapps/upm/WEB-INF/classes/log4j-ogs.properties

./backup/manifest/dfm/server/Systemfile.txt

./bin/ChangeOSAGENTPort.pl

./bin/ServicesUpdate.exe

./bin/cwrcp

./bin/dcrcli

./bin/dcrcli.orig

./bin/fping

./bin/fping6

./bin/traceroute

./bin/unixLogin.sol

./bin/wrapLogrot

./campus/bin/UTPing

./campus/bin/UTXPing

./conf/csdiscovery/g.xml

./conf/efw/EventHandlers.conf

./conf/inetd.conf.added

./databases/rmeng/orig/odbc.tmpl.back

./lib/librocksaw.so

./log/conf/ddv.logConf

./log/conf/redis.logConf

./log/conf/vi.logConf

./log/conf/vi1.logConf

./log/conf/vic.logConf

./log/conf/vic1.logConf

./log/conf/vpta.logConf

./log/conf/vpta1.logConf

./log/schema.log

./objects/dmgt/DFMPing.txt

./objects/dmgt/ssg.txt

./objects/dmgt/ssg1.txt

./objects/jet/bin/jet

./objects/smarts/bin/system/sm_logerror

./objects/smarts/conf/SMARTS.licserv

./objects/smarts/local/conf/runcmd_env.sh

./objects/smarts/local/logs/DFM.log

./objects/smarts/local/logs/DFM.log.014

./objects/smarts/local/logs/DFM.log.015

./objects/smarts/local/logs/DFM.log.016

./objects/smarts/local/logs/DFM.log.bak

./objects/smarts/local/logs/DFM1.log

./objects/smarts/local/logs/DFM1.log.014

./objects/smarts/local/logs/DFM1.log.015

./objects/smarts/local/logs/DFM1.log.016

./objects/smarts/local/logs/DFM1.log.bak

./objects/smarts/local/repos/icf/DFM.rps

./objects/smarts/local/repos/icf/DFM1.rps

./objects/wfengine/program/Provisioneer.cfg

yjdabear Tue, 10/27/2009 - 08:24

To be sure, their UID should be root. But what about the GID? casusers or sys, or something else? Thanks for your patience.

Actions

This Discussion