Wireshark-users: Re: [Wireshark-users] CentOS 6.3 and DUMPCAP -B option
From: John Powell <jrp999@xxxxxxxxx>
Date: Wed, 8 Aug 2012 13:36:44 -0600
Guy, Thank you for your suggestion and the information that the -B option first showed up in Wireshark 1.4.0.  That was good to know.  I was fearing I may have to build from source but I am concerned about keeping it updated.

Jeff, I tried to install a later version of Wireshark 1.4 on my 6.3 box but ran into issues with GTK+ and others:

checking for GTK+ - version >= 2.4.0... no
*** Could not run GTK+ test program, checking why...
*** The test program failed to compile or link. See the file config.log for the
*** exact error that occured. This usually means GTK+ is incorrectly installed.
configure: error: GTK+ 2.4 or later isn't available, so Wireshark can't be compiled
  • I am new at the whole Linux game, would it be possible for you to send me details on how the later version of Wireshark got installed on your 6.1 CentOS machine?
  • I am assuming it was installed from source and not from a repository, but if it was from a repository could you let me know which one?
Thanx again everyone - your input is greatly appreciated!


On Wed, Aug 8, 2012 at 1:13 PM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
Michael Tuexen wrote:
On Aug 8, 2012, at 7:39 PM, Jeff Morriss wrote:

John Powell wrote:
Hi Everyone,
I am performing a continuous capture of a large IP stream using dumpcap.
I have been told by my users that they are experiencing packet drop.
I am running CentOS 6.3 with:
   * wireshark-1.2.15-2.el6_2.1.x86_64
   * wireshark-gnome-1.2.15-2.el6_2.1.x86_64
   * libpcap-1.0.0-6.20091201git117cb5.el6.x86_64
I found this solution on a Dumpcap man page:
*-B <capture buffer size>*
but alas this option is not available on my build even though I am running libpcap 1.0.0-6.
*Any suggestions as to how to utilize the capture buffer size option on my machine will be greatly appreciated!*

What kind of error are you getting that says "-B" isn't working?  I just tried it on 6.1 and dumpcap did not complain when I gave it the "-B" argument.

Not sure, but wireshark 1.2.15 is pretty old. Does it already support the -B option?

Doh!  You're right.  I hadn't noticed that someone had installed another (2nd and much more modern) version of Wireshark on my 6.1 system (which was of course first in my path)...
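
Added example (not part of the original thread and not Wireshark project code): a shell check built on the two findings in this thread, that -B first appeared in Wireshark 1.4.0 and that a second install earlier in PATH can hide the packaged 1.2.15 binary. It lists every dumpcap on PATH in the order the shell would pick them; the function names and the banner strings in the comments are constructed, and the 1.4.0 threshold is the one stated in the thread.

```shell
#!/bin/sh
# Added example. Banner strings in comments are constructed samples,
# e.g. "Dumpcap 1.2.15" or "Dumpcap (Wireshark) 3.6.2 (Git v3.6.2)".

# Print the first dotted version number found on the first banner line.
dumpcap_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Succeed when dotted version $1 >= $2. Fields are compared numerically,
# so 1.10 sorts after 1.4 (a plain string comparison gets this wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Succeed when the banner reports 1.4.0 or later (threshold from the thread).
supports_buffer_option() {
    v=$(dumpcap_version "$1")
    [ -n "$v" ] && version_ge "$v" 1.4.0
}

# Walk PATH in lookup order; the first line printed is the binary that a
# bare "dumpcap" command actually runs.
scan_path() {
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        IFS=$old_ifs
        bin="$dir/dumpcap"
        [ -x "$bin" ] || continue
        banner=$("$bin" -v 2>/dev/null | head -n 1)
        if supports_buffer_option "$banner"; then verdict="-B available"
        else verdict="no -B (older than 1.4.0 or unknown)"; fi
        printf '%s\t%s\t%s\n' "$bin" "$(dumpcap_version "$banner")" "$verdict"
    done
    IFS=$old_ifs
}

# Run the scan only when asked: sh check_dumpcap.sh --scan
if [ "${1:-}" = "--scan" ]; then scan_path; fi
```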
