Tuesday, September 17, 2013

How to capture network traffic using tcpdump on Sourcefire IDS box

On a typical Linux box, we capture network traffic with tcpdump like this:

# tcpdump -i eth0

However, on the Sourcefire IDS box, it appears that the network interfaces are not configured (no IP address assigned, and the interface is not UP). See below.


eth0      Link encap:Ethernet  HWaddr 01:0A:0B:FB:CD:39
          BROADCAST MULTICAST  MTU:1518  Metric:1
          RX packets:83477 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:614 (16.5 Mb)  TX bytes:0 (0.0 b)
          Memory:f2e20000-f2e40000


After searching on Google: you can't capture on ethX. You need to capture on the corresponding fpX interface instead, where eth0 maps to fp0, eth1 to fp1, and so on.

That's it.
