> From: Guy Harris
>
> On Wed, Oct 30, 2002 at 03:43:58PM +0100,
> alain.bruneau@xxxxxxxx wrote:
> > When I run capture, It generates the message :
> >
> > WARNING: DL_PROMISC_MULTI failed (recv_ack: promisc_multi error 0x3)
> > WARNING: DL_PROMISC_SAP failed (recv_ack: promisc_sap error 0x3)
>
> Yes, AIX sucks as an OS on which to run any capture program other than
> the tcpdump that comes with it, as
>
> 1) the DLPI mechanism that AIX offers doesn't seem to work well
> with libpcap's code for DLPI, for reasons we haven't figured
> out;
>
> 2) IBM have not documented the BPF mechanism that their tcpdump
> uses, and it's rather non-standard, so it's taken a long time
> to figure out how to make libpcap use that.
>
> Unfortunately, until
>
> 1) the next libpcap release comes out (I don't know when that
> will be)
>
> *and*
>
> 2) whoever prepares binary packages for AIX prepares one of that
> release (I don't know when that will be *and* have no control
> over when it will happen, if it ever happens - the current
> libpcap release is 0.7.1, but it looks as if the latest
> binary package, from wherever you got the package, is 0.6.1)
>
> the only way to get Ethereal working is to download the GLib, GTK+,
> current CVS libpcap, and Ethereal source, build the libraries in
> question, install them, and then build Ethereal.
>
> (The current CVS libpcap *should* work on AIX, but maybe
> there's another
> rude AIX surprise waiting for us; we've fixed the last nasty
> problem we
> know about. Earlier versions won't work well.
>
> Furthermore:
>
> 1) when you run the configure script for libpcap, pass it the
> flag "--with-pcap=bpf", to force it to use BPF rather than
> DLPI;
>
> 2) the first time you run Ethereal - or any other program built
> with that version of libpcap - after the machine boots, you
> might have to run tcpdump, capturing from some network
> interface, briefly, in order to force the BPF driver to be
> loaded and its "/dev" files to be created.
>
> Yes, this is a pain, but that's life with AIX, it appears.)
I've tried building recent versions of glib 1.x, gtk+ 1.x, libpcap and
ethereal on AIX 4.3.3
The usual result from ethereal is a stream of gtk error messages and a not
particularly usefull dump. Even when not capturing but displaying a file
captured by tcpdump.
IIRC there are some comments in the libpcap 0.7.x distro (README.aix ?)
about how to initialise DLPI/BPF.
Regards,
Andrew Hood
A distributed system is one in which the failure of a computer you
didn't even know existed can render your own computer unusable. --
Leslie Lamport, as quoted in CACM, June 1992
<<application/ms-tnef>>
