Does packetbeat support use of the remote virtual interface on macOS? If so, what needs to be done to get it to work correctly.
I am getting this error when trying to run packetbeat with rvi0 as an interface in packetbeat.yml:
Exiting: Sniffer main loop failed: Unsupported link type: UnknownLinkType(12)
Hello, thanks for reaching out about packetbeat devices? Does the rvi0 interface show up in the output of packetbeat devices?
The output should be similar to this:
1: awdl0 (No description available)
2: bridge0 (No description available)
3: fw0 (No description available)
4: en1 (No description available)
5: en2 (No description available)
6: p2p0 (No description available)
7: en4 (No description available)
8: lo0 (No description available)
Yes rvi0 does appear in the list with (No description available) (Not assigned ip address)
Any updates on this issue?
I'm hoping that since the rvi0 interface appears in the list, that this is fixable problem?
UnknownLinkType(12) indicates that this device is not supported and that the device type is not known to the libraries used by packetbeat (I didn't find what type 12 stands for on darwin). Which means that packetbeat does not know about the packet layout and therefore can not parse it.
is it possible to update the libraries or supplement them so that packetbeat can parse? tcpdump and wireshark both are able to parse packets from a remote virtual interface
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.