So I want to run the Wireshark GUI on my local Mac workstation, and remotely capture data from a couple of RHEL7 systems. From the command line it works fine (using the SSH port just to test that I'm capturing packets):

But from the GUI, using the extcap dialog, it fails with 'capturing from a pipe doesn't support pcapng format'. I tried specifying the -P option to /sbin/dumpcap in the 'remote capture binary' field, but it interprets the whole string as the binary name and dies with 'no such file or directory'. I tried writing a simple wrapper script that prepends the command line arguments with a -P, but then something goes wrong with the filters.

I went to preferences and looked for relevant options. There's a capture.pcap_ng; I tried changing it to FALSE but it still fails. I'm assuming that's for local captures, not remote. I saw some posts about using dpkg to configure the wireshark RPM, but the remote collector is on RHEL and I don't have dpkg available.

So is there some way to either configure the GUI to correctly interpret default dumpcap output (pcap-ng), or to configure the default format output by dumpcap to be libpcap? Thanks!

asked 30 Nov '16, 16:19 soppenlander edited 10 Jan '17, 02:58 grahamb ♦
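As an added example, not code from the thread: a wrapper that forces classic pcap output by inserting dumpcap's -P switch while forwarding the extcap-supplied arguments unchanged. It assumes dumpcap lives at /sbin/dumpcap and that the wrapper is saved as dumpcap-pcap.sh; the `count_args` helpers are hypothetical and only illustrate the word-splitting pitfall (unquoted `$*`) that can break a capture filter containing spaces, one plausible cause of the "something goes wrong with the filters" symptom.

```shell
#!/bin/sh
# Hypothetical wrapper (added example): run dumpcap with -P so it writes
# classic pcap instead of pcapng, forwarding every argument the extcap
# dialog passes. Assumes dumpcap is at /sbin/dumpcap (override with DUMPCAP).
DUMPCAP=${DUMPCAP:-/sbin/dumpcap}

# Returns the number of positional arguments the callee actually receives.
count_args() { echo "$#"; }

# Correct forwarding: "$@" keeps a filter such as 'not port 22' as ONE word.
forward_quoted() { count_args -P "$@"; }

# Broken forwarding: unquoted $* re-splits the filter on whitespace, so
# dumpcap sees 'not' as the filter and 'port' / '22' as stray arguments.
forward_split() { count_args -P $*; }

# Only exec the real binary when invoked under the wrapper's own name; under
# any other name the functions above are merely defined (e.g. for testing).
if [ "${0##*/}" = "dumpcap-pcap.sh" ]; then
  exec "$DUMPCAP" -P "$@"
fi
```

Point the extcap 'remote capture binary' field at the wrapper rather than at "/sbin/dumpcap -P", since that field takes a path, not a command line.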
You may try and use this tool - https://app.mojopackets.com
Wireshark version?
Wireshark version is 2.2.2-0-g775fb08. The remote dumpcap version is 1.10.14-10 and the remote libpcap version is 1.5.3-8.
There have been some changes in this area, could you try one of the recent automated 2.3.0 builds?
I had gotten my existing 2.2.2 install working with /sbin/tcpdump through the GUI this morning.
I upgraded to 2.3.0-1581-g7fe45cc. Neither tcpdump nor dumpcap work through the GUI now. Dumpcap does still work with the ssh/wireshark command line above.
I did have sshdump to tcpdump working a few weeks ago (on Windows), but it doesn't work for me now; looks like it's time to raise a bug at the Wireshark Bugzilla.
@grahamb I'm not finding the bug in Bugzilla. Is there one filed?
I tested last week with a locally built development version 2.3.0 from Windows to a Linux machine and it worked for me. Grab a 2.3.0 build from here.
Hmm, it seems that sshdump only works from the build directory. Creating an installer and using that on the host that runs my build VM doesn't work, I get a pipe error. More investigation (and a bug report) required.