On Nov 11, 2017, at 10:45 AM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
> I notice that the latest libpcap git repo calls pcap_open_rpcap from
> pcap_open_live ... but I did not check if that is available in 1.5.3
> that I have on my dev VM ...
pcap_open_rpcap() itself is probably not available in the 1.5.3 you have; it's part of the remote capture support, and that simply wasn't present *at all* in libpcap until recently. You'll *have* to build a newer libpcap, and use that, on your development VM if you want to do remote captures.
> Anyway, assuming that those things work (for some value of "work") the
> real problem is that the test in Wireshark's acinclude.m4 only checks
> for pcap_open and not pcap_open_live ...
Because libpcap has *always* had pcap_open_live() - if you have libpcap at all, you have pcap_open_live().
> However, my first interest is in getting the GTK stuff to show up and
> that is controller by HAVE_PCAP_REMOTE ..
To get it to show up *anywhere* in *shark you'll need a newer version of libpcap - or an older version with the remote-capture support patched in. You will *not* get it with any of the existing libpcap releases and, unless the supplier of the distribution on your development VM has patched it in, you won't get it with the libpcap in that distribution.
