Hello, \M<+????????8TShark (Wireshark) 2.1.0 (v2.1.0-0-g46f9217 from master)\,q???????? ,[email protected]:~/PXPRS/tests$ The tshark command i'm using is this: It does print everything related to the legacy protocols - udp, tcp, http etc. tshark also complains on some missing libraries when trying sudo tshark -D: dyld: Library not loaded: @rpath/libssh.4.dylib Referenced from: /Applications/Wireshark.app/Contents/MacOS/extcap/ciscodump Reason: image not found How do i fix it? iez asked 06 Jul '16, 07:36  iez edited 06 Jul '16, 07:41 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Could you please file a bug on the Wireshark bugzilla and attach the
test.pcapfile, so we can try to reproduce the problem? It might be an issue of one-pass vs. two-pass processing.-wdoesn't write lines to the file, it writes a binary pcapng file by default. That file can be read by TShark and Wireshark and programs that use a sufficiently recent version of libpcap - your Mac probably has a sufficiently recent version of libpcap, so the tcpdump that ships with your Mac can probably read it. It is NOT, however, a text file, so you CAN'T read it withcatormoreorlessor TextEdit or....That might be an issue with the process of building the installation dmg for Wireshark. Try one of the 2.2.1 builds from the automated builds directory.
Guy, thanks for the reply. I did try 2-path processing - same result. The file produced with "-w file" is empty being opened by wireshark (size 136B). Sorry fro not being more specific. Filed a bug. Will try 2.2.1