Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: [Wireshark-dev] Managing pcapng files

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Sake Blok <sake@xxxxxxxxxx>
Date: Wed, 7 Dec 2011 17:06:18 +0100
Hi all,

When I use my version(s) of tshark, I have a problem using tshark to save pcapng files back to file:

sake@macsake-wifi:~$ capinfos -t in.cap 
File name:           in.cap
File type:           Wireshark - pcapng
Packet size limit:   inferred: 96 bytes
sake@macsake-wifi:~$ tshark -r in.cap -w out.cap -R arp
dlsym(0x7fff5fc43ed0, py_create_dissector_handle): symbol not found
tshark: The capture file being read can't be written as a "libpcap" file.
sake@macsake-wifi:~$ tshark -F pcapng -r in.cap -w out.cap -R arp
dlsym(0x7fff5fc43ed0, py_create_dissector_handle): symbol not found
tshark: The capture file being read can't be written as a "pcapng" file.
sake@macsake-wifi:~$ tshark -v
dlsym(0x7fff5fc43ed0, py_create_dissector_handle): symbol not found
TShark 1.7.1 (SVN Rev 40111 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.28.8, with libpcap 1.1.1, with libz 1.2.5, without
POSIX capabilities, without SMI, with c-ares 1.7.4, without Lua, with Python
2.7.2, with GnuTLS 2.8.6, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP.

Running on Mac OS 10.6.8 (Darwin 10.8.0), with locale nl_NL.UTF-8, with libpcap
version 1.1.1, with libz 1.2.5.

Built using gcc 4.2.1 (Apple Inc. build 5666) (dot 3).
sake@macsake-wifi:~$


Trying with version 1.6.1 also does not work:

sake@macsake-wifi:~$ /Applications/Wireshark-other/Wireshark-1.6.1.app/Contents/Resources/bin/tshark -r in.cap -w out.cap -F pcapng -R arp
tshark: The capture file being read can't be written in that format.
sake@macsake-wifi:~$ /Applications/Wireshark-other/Wireshark-1.6.1.app/Contents/Resources/bin/tshark -v
TShark 1.6.1 (SVN Rev Unknown from unknown)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.28.8, with libpcap 1.1.1, with libz 1.2.5, without
POSIX capabilities, without libpcre, without SMI, with c-ares 1.7.4, without
Lua, without Python, with GnuTLS 2.8.6, with Gcrypt 1.5.0, with MIT Kerberos,
with GeoIP.

Running on Mac OS 10.6.8 (Darwin 10.8.0), with libpcap version 1.1.1, with libz
1.2.5.

Built using gcc 4.2.1 (Apple Inc. build 5666) (dot 3).
sake@macsake-wifi:~$

Is it just me and my version(s) of tshark or is this a general problem at the moment with handling pcapng files?

Cheers,


Sake
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube