cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1116
Views
5
Helpful
9
Replies

LMS 3.1: Packet Capture utility issue

yjdabear
VIP Alumni
VIP Alumni

I received the following error after "Create" through either the Device Center or directly at http://ciscoworks:1741/cwhp/PacketCapture.do.

"WinPcap Problem

There are no available interfaces from which to capture the data.

Note: This tool only works with Ethernet interfaces."

I had used the tool successfully before, though I don't recall whether that's before or after migrating from LMS 2.6 on Sol 8 to LMS 3.1 on Sol 10 with IPMP. Is WinPcap used even on Solaris?

2 Accepted Solutions

Accepted Solutions

No. jet is not setuid root. Do a chown root /opt/CSCOpx/objects/jet/bin/jet, then try it.

View solution in original post

9 Replies 9

Joe Clarke
Cisco Employee
Cisco Employee

No. JET can operate directly on kernel APIs. The key is that /opt/CSCOpx/objects/jet/bin/jet must be setuid root. That said, I never did any testing on IPMP. There may be an incompatibility with the old ethereal binary I am using and IPMP. If jet is setuid root, running /opt/CSCOpx/objects/jet/bin/jet -D will indicate if it finds any interfaces.

Note: JET will not work in a non-global zone by default. In order to allow packet capturing in a non-global zone, see this blog:

http://blogs.sun.com/gbrunett/entry/i_see_you_snoop_1m

No Solaris zone on the LMS server here. IPMP may be the culprit then?

ls -al /opt/CSCOpx/objects/jet/bin/jet

-rwsr-x--- 1 casuser casusers 4728044 Jun 15 2008 /opt/CSCOpx/objects/jet/bin/jet

/opt/CSCOpx/objects/jet/bin/jet -D

tethereal: There are no interfaces on which a capture can be done

No. jet is not setuid root. Do a chown root /opt/CSCOpx/objects/jet/bin/jet, then try it.

Will do.

Should the jet binary be installed as setuid root by default? If not, how did it manage to function before, with or without IPMP in the picture?

Yes, and it is. Someone must have changed it. Note: there are a few setuid binaries installed by LMS. If someone did a wholesale chown, things will certainly break.

Arghh, that rings a bell: I had done a mass "find . -group 9999992 -print | xargs chown -h casuser:casusers" because Sol 10 didn't update file ownership after casuser:casusers' uid/gid numbers got changed manually.

Could you post a list of what other specific binaries might have gotten the wrong UID/GID due to the above? Thanks!

The following are on my Solaris 10 server:

./.odbc.ini.orig

./.sqlanywhere10/diagnostics/sadiags.xml

./.sqlanywhere10/sasrv.ini

./MDC/Apache/conf/hashLockXYai5f

./MDC/Apache/conf/hashLockYYai5f

./MDC/Apache/logs/apache_runtime_status

./MDC/Apache/logs/httpd.pid

./MDC/tomcat/webapps/cwportal/WEB-INF/screens/portal/view/AlertsSummary.jsp.orig

./MDC/tomcat/webapps/rme/WEB-INF/classes/uii.properties

./MDC/tomcat/webapps/upm/WEB-INF/classes/log4j-ogs.properties

./backup/manifest/dfm/server/Systemfile.txt

./bin/ChangeOSAGENTPort.pl

./bin/ServicesUpdate.exe

./bin/cwrcp

./bin/dcrcli

./bin/dcrcli.orig

./bin/fping

./bin/fping6

./bin/traceroute

./bin/unixLogin.sol

./bin/wrapLogrot

./campus/bin/UTPing

./campus/bin/UTXPing

./conf/csdiscovery/g.xml

./conf/efw/EventHandlers.conf

./conf/inetd.conf.added

./databases/rmeng/orig/odbc.tmpl.back

./lib/librocksaw.so

./log/conf/ddv.logConf

./log/conf/redis.logConf

./log/conf/vi.logConf

./log/conf/vi1.logConf

./log/conf/vic.logConf

./log/conf/vic1.logConf

./log/conf/vpta.logConf

./log/conf/vpta1.logConf

./log/schema.log

./objects/dmgt/DFMPing.txt

./objects/dmgt/ssg.txt

./objects/dmgt/ssg1.txt

./objects/jet/bin/jet

./objects/smarts/bin/system/sm_logerror

./objects/smarts/conf/SMARTS.licserv

./objects/smarts/local/conf/runcmd_env.sh

./objects/smarts/local/logs/DFM.log

./objects/smarts/local/logs/DFM.log.014

./objects/smarts/local/logs/DFM.log.015

./objects/smarts/local/logs/DFM.log.016

./objects/smarts/local/logs/DFM.log.bak

./objects/smarts/local/logs/DFM1.log

./objects/smarts/local/logs/DFM1.log.014

./objects/smarts/local/logs/DFM1.log.015

./objects/smarts/local/logs/DFM1.log.016

./objects/smarts/local/logs/DFM1.log.bak

./objects/smarts/local/repos/icf/DFM.rps

./objects/smarts/local/repos/icf/DFM1.rps

./objects/wfengine/program/Provisioneer.cfg

To be sure, their UID should be root. But what about the GID? casusers or sys, or something else? Thanks for your patience.

See attached.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: