Wireshark-dev: Re: [Wireshark-dev] rpcap support seems to have disappeared ...

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Sat, 11 Nov 2017 11:06:58 -0800
On Sat, Nov 11, 2017 at 10:52 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> On Nov 11, 2017, at 10:45 AM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
>
>> I notice that the latest libpcap git repo calls pcap_open_rpcap from
>> pcap_open_live ... but I did not check if that is available in 1.5.3
>> that I have on my dev VM ...
>
> pcap_open_rpcap() itself is probably not available in the 1.5.3 you have; it's part of the remote capture support, and that simply wasn't present *at all* in libpcap until recently.  You'll *have* to build a newer libpcap, and use that, on your development VM if you want to do remote captures.

Looks that way based on the results from below.

>> Anyway, assuming that those things work (for some value of "work") the
>> real problem is that the test in Wireshark's acinclude.m4 only checks
>> for pcap_open and not pcap_open_live ...
>
> Because libpcap has *always* had pcap_open_live() - if you have libpcap at all, you have pcap_open_live().

Sure. The immediate problem though is that acinclude.m4 assumes that
checking for pcap_open is sufficient and required to enable
HAVE_PCAP_REMOTE.

Having hacked my way around that, it is clear from the resulting build
failures that a more recent version of libpcap is required :-(

>> However, my first interest is in getting the GTK stuff to show up and
>> that is controlled by HAVE_PCAP_REMOTE ..
>
> To get it to show up *anywhere* in *shark you'll need a newer version of libpcap - or an older version with the remote-capture support patched in.  You will *not* get it with any of the existing libpcap releases and, unless the supplier of the distribution on your development VM has patched it in, you won't get it with the libpcap in that distribution.

-- 
Regards,
Richard Sharpe
(How to dispel sorrow? Only Du Kang. --Cao Cao)