Wireshark-dev: Re: [Wireshark-dev] Managing pcapng files

From: Jose Pedro Oliveira <jpo@xxxxxxxxxxxx>
Date: Wed, 07 Dec 2011 17:04:39 +0000
On 2011-12-07 16:06, Sake Blok wrote:
> Hi all,
> 
> When I use my version(s) of tshark, I have a problem using tshark to save pcapng files back to file:
> 
> sake@macsake-wifi:~$ capinfos -t in.cap 
> File name:           in.cap
> File type:           Wireshark - pcapng
> Packet size limit:   inferred: 96 bytes
> sake@macsake-wifi:~$ tshark -r in.cap -w out.cap -R arp
> dlsym(0x7fff5fc43ed0, py_create_dissector_handle): symbol not found
> tshark: The capture file being read can't be written as a "libpcap" file.

---[snip]---

> Is it just me and my version(s) of tshark or is this a general problem at the moment with handling pcapng files?

The problem appears to be on your side. No problem on this
side with wireshark-1.7.1-SVN-40068 on a Mac OS X 10.6.8:

Both these operations performed correctly:
$ sudo ~/sandbox/wireshark-1.7.1-SVN-40068/tshark -w test.pcapng
$ ~/sandbox/wireshark-1.7.1-SVN-40068/tshark -r test.pcapng \
   -w z.pcapng -R arp

The z.pcapng file only contained arp packets.

----------
 ~/sandbox/wireshark-1.7.1-SVN-40068/tshark -v
TShark 1.7.1-SVN-40068 (SVN Rev Unknown from unknown)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.30.2, with libpcap 1.1.1, with libz 1.2.5,
without
POSIX capabilities, with SMI 0.4.8, with c-ares 1.7.5, with Lua 5.1, without
Python, with GnuTLS 2.12.11, with Gcrypt 1.5.0, with MIT Kerberos, without
GeoIP.

Running on Mac OS 10.6.8 (Darwin 10.8.0), with locale pt_PT.UTF-8, with
libpcap
version 1.1.1, with libz 1.2.5.

Built using gcc 4.2.1 (Apple Inc. build 5666) (dot 3).
----------

Regards,
jpo
-- 
José Pedro Oliveira
* mailto:jpo@xxxxxxxxxxxx *