Failing tcpdump Security Onion

Hi Jesse,

When I try to run the sudo tcpdump -nnttttAi eth1 command in Security Onion (from the Hands-on penetration testing course Bonus Lab 3 Windows 7 […]), I get the following error message:

tcpdump: eth1: SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: No such device

Could you tell me what I am doing wrong please?

Thanks in advance!

Jesse has his Security Onion on two interfaces, one NAT at eth0 and another Host-Only at eth1. You should check which interfaces your networking is set up on. You can type ip a in your Security Onion terminal to see what interfaces are there on your system.

Hi Apurv,
Thanks for your message. Just checked, I got the same network setup as you described. However, when I type ip a, neither eth0 nor eth1 shows up in the terminal of my Security Onion. Security Onion interfaces that are depicted are: qlen, enp0s, br, docker, veth. On my Kali Linux, on the other hand, they do show up with ip a. So still clueless I’m afraid…

@Stef, the newer version of Security Onion has a different network alias. Type the following to see your interfaces.

ifconfig

Your host-only interface should be enp0s8, which is what you’d want to monitor with tcpdump.

That did the trick. Thanks!
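
The check that resolved this thread, as an added example that is not part of the original posts: confirm the interface name exists before handing it to tcpdump, and list likely capture interfaces when it does not. The sample `ip -o link show` output is constructed, and the filter for loopback, docker, veth and br- names is an assumption about which interfaces are not worth sniffing.

```shell
#!/bin/sh
# Constructed sample of `ip -o link show` output (trimmed; not taken from the thread).
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 state DOWN
5: veth1a2b3c@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP'

# Read `ip -o link show` lines on stdin, print one interface name per line.
# The "@ifN" peer suffix on veth devices is stripped.
list_ifaces() {
    awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'
}

# $1 = interface name, $2 = `ip -o link show` output. Exit status 0 if present.
iface_exists() {
    printf '%s\n' "$2" | list_ifaces | grep -qxF -- "$1"
}

# $1 = `ip -o link show` output. Print names that are plausible capture
# interfaces (assumption: skip loopback, docker, veth and br- devices).
capture_candidates() {
    printf '%s\n' "$1" | list_ifaces | grep -Ev '^(lo|docker[0-9]*|veth.*|br-.*)$'
}

# Live use: ./script.sh enp0s8
if [ "$#" -gt 0 ]; then
    links=$(ip -o link show)
    if iface_exists "$1" "$links"; then
        # Same tcpdump flags as in the question.
        sudo tcpdump -nnttttAi "$1"
    else
        echo "No such interface: $1. Candidates on this host:" >&2
        capture_candidates "$links" >&2
    fi
fi
```

Run with no argument it does nothing; run with an interface name it either starts the capture or prints the names that actually exist on the host.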