Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] message about "ipv6 not supported"

From: "Rachel McConnell" <rachel@xxxxxxxxxxxxxxxxx>
Date: Wed, 17 Sep 2008 10:53:37 -0700
Hi Guy, thanks so much for your help.  I thought I'd tried the
ipv6.addr syntax before, but apparently not as that does work for me!
So I now have a functional process; even if I have to capture all
packets I can at least filter them appropriately.  Many thanks.

On Tue, Sep 16, 2008 at 8:14 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> On Sep 16, 2008, at 6:25 PM, Guy Harris wrote:
>> On Sep 16, 2008, at 6:01 PM, Rachel McConnell wrote:
>>
>>> Running on Darwin 8.11.1 (MacOS 10.4.11), with libpcap version 0.9.8.
>>
>> Are you using the libpcap that comes with Tiger, or did you build your
>> own version of libpcap?  I think the version that comes with Tiger
>> supports IPv6; try the command "tcpdump -d ip6" and see what it
>> prints.
>
> It appears that the libpcap that comes with Tiger
>
>        1) is libpcap 0.8.3
>
> and
>
>        2) supports IPv6.

My libpcap version:

cue:~ rachel$ sudo tcpdump --version
tcpdump version 3.9.7
libpcap version 0.9.4

If 0.8.3 supports ipv6 then I assume 0.9.4 should as well.  I can't
say where I got it from, however; I never installed it by hand but
I've installed a number of applications that may have updated it
without me noticing.

Per your suggestion, I also tried:

cue:~ rachel$ tcpdump -d ip6
tcpdump: no suitable device found
cue:~ rachel$ sudo tcpdump -d ip6
Password:
(000) ldh      [12]
(001) jeq      #0x86dd          jt 2    jf 3
(002) ret      #96
(003) ret      #0

I'm afraid I can make no sense of that output though.

>
> Where did you get your Wireshark installation from?

I have several versions of WIreshark from various places so it's not
impossible there are some peculiar dependency trails.  The version I
got working finally is a development version 1.1.0 that I downloaded
from SourceForge as a generic tarball (it was marked Platform
Independent) and built by hand.  (I tried the dmg, then a darwin ports
version, and both failed - I have more detail on this if it would be
helpful.)

If you have any other suggestions off the top of your head, I'd love
to hear it, but since I can at least function now I would also be
satisfied to leave it.

Rachel