I'm trying to set up tshark to do a remote capture on Linux. I compiled git head tshark against winpcap 4.1.3 (which involved disabling -Werror) and I can now run

I'm thinking the problem is somewhere in caputils/ and differences between pcap 0.8 and winpcap, but I can't work out where.

asked 16 Jun '16, 19:09 TRS-80

One Answer:
Then you're definitely in unsupported territory. There might be, for example, an issue with the UN*X-socket code in WinPcap's remote-capture code, so that your libpcap-built-with-WinPcap's-remote-capture-code doesn't work right (there are wrappers to cover up the differences between UN*X Berkeley sockets APIs and the Winsock variants of those APIs, and there might be some code rot in the UN*X-socket side). The Wireshark code also hasn't been rigorously tested with a pcap on UN*X with

answered 17 Jun '16, 02:13 Guy Harris ♦♦

It looks like it used to work: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2809 but I tried doing that (just adding --with-remote-pcap to configure, then LD_PRELOAD WinPcap's libpcap) and it fails in the same fashion.

(25 Jul '16, 22:12) TRS-80

By "on Linux" do you mean "I've compiled the libpcap source from WinPcap on Linux to make a version of libpcap with remote capture support, and compiled TShark with that version of libpcap", so that the host running TShark is a Linux machine, not just the remote machine with the rpcap daemon (which is presumably a Linux, given the interface name wifi0)?

That is precisely correct. The remote machine is an enterprise wireless access point running rpcapd, so I can't just ssh in and run dumpcap.