Wireshark-users: Re: [Wireshark-users] Installing with libpcap 1.0

From: Brian Rayburn <bgrayburn@xxxxxxxxx>
Date: Fri, 18 Sep 2009 13:08:13 -0400
Well, my work is a bit tight on security so I'll have to get the top of the git-tree version this weekend. I misspoke when I said it was installed with libpcap .9. More specifically, under the "About Wireshark" option under the Help drop-down menu, it says "Running on Linux 2.6.24-22-generic, with libpcap version 0.9.8." Could this be wrong? If so, how would I check that? If this isn't wrong, how do I instruct Wireshark to run with the later version I've  I'm still getting used to the inner workings of *nix so I strongly appreciate your patience and clear explanation.


Date: Thu, 10 Sep 2009 12:16:41 -0700
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Installing with libpcap 1.0
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <90BF45DE-2D55-4E88-BC12-A0779C372F62@xxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yes


On Sep 10, 2009, at 12:01 PM, Brian Rayburn wrote:

> So I'm running Ubuntu and installing wireshark with apt-get.  I
> installed libpcap 1.0 before installing wireshark using autoconf but
> wireshark still installs with libpcap .9.

By "installs with" do you mean "runs with"?  I don't think any debs
for Wireshark themselves *include* a deb for libpcap; however, as
they're probably built with a libpcap shared library, they probably
*depend* on the libpcap deb.

I hope that dependence can be, and is, expressed as "needs libpcap .9
*or later*", so it doesn't *fail* if 1.0 is installed.  Given that
libpcap 1.0 is binary-compatible with earlier versions, it should, if
possible, be so expressed.

Unfortunately, the "obvious" version number of libpcap 0.x is 0 and
the "obvious" version number of libpcap 1.x is 1, so, unless the
packagers have, for example, either

       1) ignored that and called it libpcap.0

or

       2) added the appropriate symlinks so that programs expecting a
libpcap.0 shared library will be linked with the libpcap.1 shared
library

that binary compatibility won't actually work.

On top of that, I infer that "I installed libpcap 1.0 before
installing wireshark using autoconf" means you built libpcap 1.0 from
source and installed it; libpcap 1.0, by default, builds and installs
only a static library, which means that only programs that you compile
with that version of libpcap after you install that version will use
it - Wireshark, which is probably dynamically linked with libpcap,
won't.

However:

> I need 1.0 in order to sniff USB messages.

...what you *really* want in order to sniff USB messages is the top-of-
Git-tree version of libpcap, as that fixes a bunch of bugs in USB
sniffing.

Another advantage of the top-of-Git-tree version of libpcap is that...

...it builds and installs a shared library by default on most
platforms, including Linux.

It won't *replace* the libpcap on your system by default, as it'll
install libpcap in /usr/local/lib rather than /usr/lib.
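
The check asked about in this thread, as an added example that was not posted by either participant: it reads `ldd` output for a binary, reports which libpcap shared library the dynamic linker resolves, and whether that copy lives under /usr/local/lib (a local source build) or a system library directory. The function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Usage: sh check_pcap.sh /usr/bin/wireshark   (no argument: runs on the sample)

# Constructed sample of `ldd` output; paths and addresses are made up.
SAMPLE_LDD='    linux-gate.so.1 =>  (0xb7f0e000)
    libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0xb7e40000)
    libc.so.6 => /lib/libc.so.6 (0xb7cf1000)'

# Read ldd output on stdin; print "soname path" for each libpcap entry.
pcap_entries() {
    awk '$1 ~ /^libpcap\.so/ && $2 == "=>" { print $1, $3 }'
}

# Classify the directory the resolved library was loaded from.
pcap_origin() {
    case "$1" in
        /usr/local/lib/*)  echo "local-build" ;;
        /usr/lib/*|/lib/*) echo "distro-package" ;;
        *)                 echo "other" ;;
    esac
}

# Read ldd output on stdin; print one "soname path origin" line per entry.
# No entry means libpcap is not a shared dependency of the binary
# (it was linked statically, or the binary does not use libpcap at all).
report() {
    entries=$(pcap_entries)
    [ -n "$entries" ] || { echo "none: libpcap is not a shared dependency"; return 0; }
    echo "$entries" | while read -r soname path; do
        echo "$soname $path $(pcap_origin "$path")"
    done
}

if [ -n "${1:-}" ]; then
    ldd "$1" | report
else
    printf '%s\n' "$SAMPLE_LDD" | report
fi
```

The soname in the first column is what the binary was linked against, so a locally built library with a different soname is not picked up unless a matching symlink exists, which is the compatibility issue described above.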