We operate a lab with a variety of equipment that we need to monitor. We have a few router ports set up to mirror different interfaces for different lab signaling scenarios into an Ubuntu Server VM and then stream that back to the corporate LAN.
We use Windows BAT files that execute plink to log in to the remote server. The plink binary then runs tcpdump with -i and -w, and then we pipe that to wireshark with -k -i and - to capture the traffic, with a distinct BAT file per interface (each mirror interface receiver on the Ubuntu VM handles different flows we want to watch). It's worked great for years with Wireshark (1.8, 1.10, 1.12 and 2.0), but if we upgrade our Wireshark instance to 2.2.x we get an error dialog from the Wireshark GUI that says "Unrecognized libpcap format or not libpcap data" and the BAT window says "Unable to write to standard output: The pipe is being closed".
We haven't changed the Ubuntu system where the TCPDUMP command is running, the plink binary, or the Windows host OS.
asked 11 May '17, 08:34
edited 12 May '17, 00:08
Guy Harris ♦♦
Just a quick status update... I updated my environment to 2.6.0rc0-6-gb8ad0997 and it is working again! Something must have changed between the 2.2 and 2.6 release candidate to address this, but I'm happy again! :)
answered 11 Apr '18, 14:19
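One way to see what the plink/tcpdump pipe from the question actually delivers, independent of any Wireshark version, is to classify the first bytes of the stream against the pcap and pcapng magic numbers. This is an added example, not code from the original posters or from Wireshark; the function name is hypothetical, and it does not identify what changed in 2.2.x.

```python
import struct
import sys

# Magic numbers as they appear in the first 4 bytes on the wire.
MAGICS = {
    bytes.fromhex("d4c3b2a1"): ("pcap", "little-endian, microsecond timestamps"),
    bytes.fromhex("a1b2c3d4"): ("pcap", "big-endian, microsecond timestamps"),
    bytes.fromhex("4d3cb2a1"): ("pcap", "little-endian, nanosecond timestamps"),
    bytes.fromhex("a1b23c4d"): ("pcap", "big-endian, nanosecond timestamps"),
    bytes.fromhex("0a0d0d0a"): ("pcapng", "section header block"),
}


def classify_capture_stream(stream):
    """Read the start of a binary stream and report what it looks like."""
    head = stream.read(24)  # the classic pcap global header is 24 bytes
    if len(head) < 4:
        return {"format": "empty", "detail": f"only {len(head)} byte(s) before EOF"}
    kind = MAGICS.get(head[:4])
    if kind is None:
        # Printable bytes here mean something other than capture data
        # (for example text written to stdout) arrived first.
        printable = all(b in (9, 10, 13) or 32 <= b < 127 for b in head)
        return {"format": "text" if printable else "unknown", "detail": repr(head)}
    fmt, detail = kind
    if fmt == "pcapng":
        return {"format": fmt, "detail": detail}
    if len(head) < 24:
        return {"format": "truncated-pcap", "detail": f"{len(head)} of 24 header bytes"}
    # Little-endian magics start with 0xd4 or 0x4d; big-endian ones with 0xa1.
    order = "<" if head[0] in (0xD4, 0x4D) else ">"
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", head[4:]
    )
    return {
        "format": fmt,
        "detail": detail,
        "version": f"{major}.{minor}",
        "snaplen": snaplen,
        "linktype": linktype,
    }


if __name__ == "__main__":
    # Usage: put this script at the end of the pipe in place of Wireshark.
    print(classify_capture_stream(sys.stdin.buffer))
```

A result of `text` or `unknown` means the bytes reaching the end of the pipe do not begin with a capture file header, which is the condition the "Unrecognized libpcap format" dialog reports.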