
Wireshark-bugs: [Wireshark-bugs] [Bug 2809] Can't capture remotely using rpcap

Date: Mon, 18 Aug 2008 19:12:58 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2809





--- Comment #3 from Guy Harris <guy@xxxxxxxxxxxx>  2008-08-18 19:12:56 PDT ---
> I found that the libpcap (0.9.5) that is included in the WinPCAP source package
> is not the same as the libpcap (0.9.5) for Linux.

Note that the libpcap from www.tcpdump.org is actually "for UN*X", not just
"for Linux"; it supported various BSDs, for example, before it supported Linux.

> Unfortunately, when I want to recompile Wireshark using this special version of
> libpcap, ./configure reports the following problems:
> checking for pcap_open_live in -lpcap... no
> checking for pcap_open_live in -lpcap with lcfg -lodm... no
> checking for pcap_open_live in -lpcap with lpfring... no
> configure: error: Can't link with library libpcap.

What does the "config.log" file say?  There might have been an installation or
build issue with the special version of libpcap?

> It looks like the libpcap code forked between Linux and Windows. Any clues why?

At least at one point, Michael Richardson, who's the head of the libpcap and
tcpdump projects, expressed, on the tcpdump-workers mailing list, some concern
about the remote capture feature - or, perhaps, about the ability to get a list
of capturable devices from the remote machine:

     My only concern is why pcap should do this at all.
     It seems that you may be creating new routes for remote attacks on
     systems.

Nobody's strongly pursued merging the remote-capture capabilities back into the
tcpdump.org libpcap.  I'm inclined to try again, given that a system would be
susceptible to a remote attack via rpcap only if it has the rpcap server
installed.

> Any explanations why I was unable to compile Wireshark using the libpcap from
> WinPCAP?

As per the above, I suspect there was an installation or build issue of some
sort; install the modified libpcap, try to configure Wireshark and, if it
fails, attach the config.log file to the bug.

> Shouldn't we put some efforts to merge these two versions of libpcap
> in a more coherent project?

If "we" is defined as the tcpdump.org group, yes; libpcap isn't part of
Wireshark (as it's intended to be used by, and is used by, a number of other
programs).

