Ethereal-dev: Re: [ethereal-dev] ethereal on AIX-4.3.2

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 22 Dec 1999 12:36:00 -0800 (PST)
> I'm trying to get ethereal-0.7.9 to work on AIX-4.3.2, with libpcap.
> I built a recent version of libpcap (both libpcap-0.4 and
> libpcap-1999-12-09) as a shared lib, and this seems to work with
> the freeware tcpdump (both tcpdump-3.4 and tcpdump-1999-12-09).
> 
> ethereal compiles and links cleanly (once I linked glib and gtk+
> manually), and opens a display when executed. The capture interface does
> capture packets (from en0), but almost all the packets are interpreted as
> Token-Ring packets instead of Ethernet.

"libpcap" is probably using BPF rather than DLPI; to quote some mail
from Craig Rodrigues (which appears in a "README.aix" file that's not in
the 0.7.9 distribution but that will be in the 0.8.0 distribution):

	I have managed to successfully compile and use the latest
	snapshot of libpcap under AIX using DLPI.  bpf is majorly
	brain-dead under AIX, and very unsupported.  Rather than find
	all the bugs in AIX's bpf, I decided to try using dlpi, which is
	officially supported.

One of the problems is that it was returning IFT_ numbers rather than
DLT_ numbers for link types, and the IFT_ number for Ethernet (which is
an SNMP network type) has the same value as the DLT_ number for "IEEE
802" networks; "tcpdump" might be treating that as Ethernet, but we're
treating it as Token Ring.

I've attached the "README.aix" file, which includes some information on
getting Ethereal to work on AIX; I *think* the way you'd force "libpcap"
to use DLPI rather than BPF would be to run the "libpcap" configure
script with

	--with-pcap=dlpi

> In addition the File->Save menu option causes several GTK error messages
> to be displayed and a core-dump is produced. I don't think the two
> problems are related.

I don't know the source of that, but Craig ran into a number of problems
with GTK+ on AIX; I forget whether this particular problem was one he
ran into or not (there was some particularly hideous problem that
*might* have involved compiling with "xlc_r" rather than "xlc", etc.
 - did you compile with GCC or an IBM compiler?).

Craig (rodrigc@xxxxxxxxxxxx) can probably help you out more here;
there's a pile of e-mail to the Ethereal and GTK+ mailing lists
discussing the various problems (I forget whether he also sent mail to
the "tcpdump-workers" list on the "libpcap" problems or not; he really
put in a *lot* of work bludgeoning various packages into working on AIX)
about this.
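
The link-type collision described in the message, as an added example that is not part of the original e-mail and is not libpcap's or Ethereal's code: the IFT_/DLT_ constants are the standard values, while `ift_to_dlt`, `dst_mac`, `decodes_as_broadcast` and the sample frame are hypothetical names and constructed data used to show how an untranslated IFT_ value makes an Ethernet frame decode as Token Ring.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* SNMP ifType values (IFT_) and libpcap link-layer types (DLT_). */
enum { IFT_ETHER = 6, IFT_ISO88025 = 9, IFT_FDDI = 15, IFT_LOOP = 24 };
enum { DLT_NULL = 0, DLT_EN10MB = 1, DLT_IEEE802 = 6, DLT_FDDI = 10 };

/* Hypothetical helper: translate an IFT_ value reported by the capture
 * device into the DLT_ value a dissector expects; -1 if unknown. */
int ift_to_dlt(int ift)
{
    switch (ift) {
    case IFT_ETHER:    return DLT_EN10MB;
    case IFT_ISO88025: return DLT_IEEE802;
    case IFT_FDDI:     return DLT_FDDI;
    case IFT_LOOP:     return DLT_NULL;
    default:           return -1;
    }
}

/* Copy the destination MAC out of a frame according to the link type.
 * Ethernet: bytes 0-5.  802.5 Token Ring: bytes 2-7, after AC and FC.
 * Returns 0 on success, -1 on unsupported type or short frame. */
int dst_mac(int dlt, const uint8_t *frame, size_t len, uint8_t out[6])
{
    size_t off;
    if (dlt == DLT_EN10MB)       off = 0;
    else if (dlt == DLT_IEEE802) off = 2;
    else                         return -1;
    if (len < off + 6)           return -1;
    memcpy(out, frame + off, 6);
    return 0;
}

/* Constructed sample: Ethernet broadcast ARP header (no payload). */
static const uint8_t sample_frame[14] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* destination */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* source */
    0x08, 0x06                            /* EtherType: ARP */
};

/* Returns 1 if the sample frame's destination decodes as broadcast. */
int decodes_as_broadcast(int dlt)
{
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    uint8_t mac[6];
    if (dst_mac(dlt, sample_frame, sizeof sample_frame, mac) != 0) return 0;
    return memcmp(mac, bcast, 6) == 0;
}
```

Passing the raw value 6 straight to the dissector selects the Token Ring layout and shifts every field by two bytes; translating it first selects the Ethernet layout.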