This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Remote capture - Can’t get list of interfaces: getaddrinfo() No such host is known.

Trying to use Wireshark Version 1.4.0rc2 (SVN Rev 33665 from /trunk-1.4) on Win XP to capture from my linux box running Wireshark Version 1.4.9 on Fedora 15 (2.6.38.6-26.rc1.fc15i386 with libcap version 1.1.1) On Capture Options, I specify "Remote" interface, Host "rpcapd://10.2.41.11" Username "pat" and Password.

I get a error message:

"Can't get list of interfaces: getaddrinfo() No such host is known."

I have also tried: Host "rpcapd://10.2.41.11/eth0"

I am running WinPcap 4.1.2 on the Windows box.

remote

asked 16 Nov '11, 13:53

gooberpat
1●1●1●1
accept rate: 0%

2 Answers:

0	You'll need to run rpcapd on the capture target. answered 17 Nov '11, 13:43 Jaap ♦ 11.7k●16●101 accept rate: 14%

WinPcap appears to assume that it will always be handed a host name, not an dotted-quad string, for remote packet capture; it uses getaddrinfo() on the string for the remote packet host, and, at least as I read the Mac OS X getaddrinfo() man page, it expects to be handed a host name. Microsoft's man page equivalent says "The getaddrinfo function provides protocol-independent translation from an ANSI host name to an address.", which appears also ti indicate that it expects to be handed a host name rather than a dotted-quad string.

If the host at 10.2.41.11 has a host name, try using it instead of the dotted-quad. If it doesn't have a host name, and you can give it one (that can be resolved with a local host file, or that you can enter into the appropriate DNS or other name resolution server, e.g. NBNS/WINS), do so and then try using it instead of the dotted quad.

And then file a bug against WinPcap for this; it's a bug that you can't use a dotted-quad or colonized-octet :-) address there.

answered 17 Nov '11, 22:20

Guy Harris ♦♦
17.4k●3●35●196
accept rate: 19%