tcpdump: (all BPF devices are busy) - How to solve this












0















I was running tcpdump and then after some time I got this error:



tcpdump: (all BPF devices are busy)


I am not sure why? I killed all tcpdump processes, in case that this had something to do with it, but it did not fix it.










share|improve this question













migrated from security.stackexchange.com Jan 5 at 9:26


This question came from our site for information security professionals.























    0















    I was running tcpdump and then after some time I got this error:



    tcpdump: (all BPF devices are busy)


    I am not sure why? I killed all tcpdump processes, in case that this had something to do with it, but it did not fix it.










    share|improve this question













    migrated from security.stackexchange.com Jan 5 at 9:26


    This question came from our site for information security professionals.





















      0












      0








      0








      I was running tcpdump and then after some time I got this error:



      tcpdump: (all BPF devices are busy)


      I am not sure why? I killed all tcpdump processes, in case that this had something to do with it, but it did not fix it.










      share|improve this question














      I was running tcpdump and then after some time I got this error:



      tcpdump: (all BPF devices are busy)


      I am not sure why? I killed all tcpdump processes, in case that this had something to do with it, but it did not fix it.







      networking sniffing tcpdump






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 4 at 21:54









      user3755632user3755632

      101




      101




      migrated from security.stackexchange.com Jan 5 at 9:26


      This question came from our site for information security professionals.









      migrated from security.stackexchange.com Jan 5 at 9:26


      This question came from our site for information security professionals.
























          1 Answer
          1






          active

          oldest

          votes


















          0














          This isn't realy an infosec question, but did you wait long after killing the processes?
          In most code this is for the reason it describes - there's not a handle
          ... honestly, sometimes at that point a reboot is quicker than debugging the 'why' if it's a machine where you can do so, did you do so?



          can you ls /dev/bpf* on your host (if that's where they show up? )
          For those, have you tried grepping lsof output for them ?






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1390835%2ftcpdump-all-bpf-devices-are-busy-how-to-solve-this%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            This isn't realy an infosec question, but did you wait long after killing the processes?
            In most code this is for the reason it describes - there's not a handle
            ... honestly, sometimes at that point a reboot is quicker than debugging the 'why' if it's a machine where you can do so, did you do so?



            can you ls /dev/bpf* on your host (if that's where they show up? )
            For those, have you tried grepping lsof output for them ?






            share|improve this answer




























              0














              This isn't realy an infosec question, but did you wait long after killing the processes?
              In most code this is for the reason it describes - there's not a handle
              ... honestly, sometimes at that point a reboot is quicker than debugging the 'why' if it's a machine where you can do so, did you do so?



              can you ls /dev/bpf* on your host (if that's where they show up? )
              For those, have you tried grepping lsof output for them ?






              share|improve this answer


























                0












                0








                0







                This isn't realy an infosec question, but did you wait long after killing the processes?
                In most code this is for the reason it describes - there's not a handle
                ... honestly, sometimes at that point a reboot is quicker than debugging the 'why' if it's a machine where you can do so, did you do so?



                can you ls /dev/bpf* on your host (if that's where they show up? )
                For those, have you tried grepping lsof output for them ?






                share|improve this answer













                This isn't realy an infosec question, but did you wait long after killing the processes?
                In most code this is for the reason it describes - there's not a handle
                ... honestly, sometimes at that point a reboot is quicker than debugging the 'why' if it's a machine where you can do so, did you do so?



                can you ls /dev/bpf* on your host (if that's where they show up? )
                For those, have you tried grepping lsof output for them ?







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jan 5 at 0:23









                pacifistpacifist

                1212




                1212






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1390835%2ftcpdump-all-bpf-devices-are-busy-how-to-solve-this%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

                    Alcedinidae

                    Origin of the phrase “under your belt”?