Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] rpcap support seems to have disappeared ...

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Sat, 11 Nov 2017 12:10:31 -0800
On Sat, Nov 11, 2017 at 11:38 AM, Richard Sharpe
<realrichardsharpe@xxxxxxxxx> wrote:
> On Sat, Nov 11, 2017 at 11:11 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>> On Nov 11, 2017, at 11:06 AM, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
>>
>>> Sure. The immediate problem though is that acinclude.m4 assumes that
>>> checking for pcap_open is sufficient and required to enable
>>> HAVE_PCAP_REMOTE.
>>
>> If you don't have pcap_open(), you probably don't have remote support, which is why it's required.
>>
>> I suppose it isn't "sufficient" in the sense that one could, in principle, build a version of libpcap that has pcap_open() but that only supports local capture, but that's rather unlikely.
>>
>>> Having hacked my way around that, it is clear from the resulting build
>>> failures that a more recent version of libpcap is required :-(
>>
>> That's the universe's way of telling you that perhaps, sometimes, you should trust that autotools knows what it's doing, and not try to hack around it. :-)
>
> Well, I am trying to figure out the simplest required things to get
> this working on Linux ...
>
> Now that I have the latest version of libpcap from the repo built and
> installed, I seem to have library issues, but I can figure those out
> ...

Building the latest version of libpcap with --enable-remote seems to
make things work.

Wireshark 2.5.xxx brings up the remote capture interface stuff and
tries to connect to the device I nominated, which gave back a
connection refused ... since nothing is listening on the port I
nominated ...

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)