This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Working of Dumpcap

0

How does Dumpcap work? Does it use the pcap_open() or pcap_open_live() function? I got errors while running my custom packet injector, like:

```
c:\pi> pi rpcap://my_device_name

ERROR: "Unable to open my_device_name. my_device_name is not supported by Winpcap."
```

I came to know that dumpcap uses these functions. May I know how you resolved this?

This question is marked "community wiki".

asked 12 Dec '11, 02:39


Terrestrial ...
96212829
accept rate: 42%

edited 13 Dec '11, 01:00


grahamb ♦
19.8k330206


One Answer:

3

On Windows, it uses pcap_open().

On UN*X, it uses pcap_create() and pcap_activate() if they're available on the machine on which it was built, and uses pcap_open_live() otherwise.

I assume from the `c:` in `c:\pi>` that this is Windows, with support for rpcap built in. If so, rpcap URLs are supported, but they have to have the syntax as documented in the WinPcap documentation. The valid syntaxes are:

  1. rpcap://devicename - to open a local device named devicename
  2. rpcap://host/devicename - to open a device named devicename on the remote host host
  3. rpcap://host:port/devicename - to open a device named devicename on the remote host host, using port number port rather than the default port for the rpcap protocol

Your URL is trying to open a local device named my_device_name; if there's no device, supported by WinPcap, with that name, on your machine, that will, not surprisingly, fail.

answered 12 Dec '11, 14:42


Guy Harris ♦♦
17.4k335196
accept rate: 19%
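
Added example, not part of the original answer and not WinPcap or dumpcap code: a small C splitter for the three `rpcap://` forms listed in the answer, showing that a URL with no `/` after the scheme, such as the asker's, is read as a local device name rather than a host. The names `rpcap_src` and `rpcap_split` are hypothetical, the inputs are constructed, and IPv6 host literals are not handled.

```c
#include <stdio.h>
#include <string.h>

enum rpcap_kind { RPCAP_INVALID = 0, RPCAP_LOCAL, RPCAP_REMOTE };

struct rpcap_src {               /* hypothetical type, not a WinPcap struct */
    enum rpcap_kind kind;
    char host[64], port[8], dev[128];
};

/* Copy len bytes into dst; reject empty or oversized components. */
static int copy_part(char *dst, size_t cap, const char *src, size_t len) {
    if (len == 0 || len >= cap) return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Returns 0 and fills *out on success, -1 if url matches none of the forms. */
int rpcap_split(const char *url, struct rpcap_src *out) {
    static const char scheme[] = "rpcap://";
    const char *rest, *slash, *colon, *host_end;
    memset(out, 0, sizeof *out);
    if (strncmp(url, scheme, sizeof scheme - 1) != 0) return -1;
    rest = url + sizeof scheme - 1;
    slash = strchr(rest, '/');
    if (slash == NULL) {         /* form 1: no '/', so the text is a local device */
        if (copy_part(out->dev, sizeof out->dev, rest, strlen(rest))) return -1;
        out->kind = RPCAP_LOCAL;
        return 0;
    }
    colon = memchr(rest, ':', (size_t)(slash - rest));   /* form 3 has host:port */
    host_end = colon ? colon : slash;
    if (copy_part(out->host, sizeof out->host, rest, (size_t)(host_end - rest))) return -1;
    if (colon && copy_part(out->port, sizeof out->port, colon + 1, (size_t)(slash - colon - 1))) return -1;
    if (copy_part(out->dev, sizeof out->dev, slash + 1, strlen(slash + 1))) return -1;
    out->kind = RPCAP_REMOTE;    /* empty port means the default rpcap port */
    return 0;
}

int main(void) {                 /* constructed inputs, one per form */
    const char *urls[] = { "rpcap://my_device_name", "rpcap://host/devicename",
                           "rpcap://host:12345/devicename" };
    struct rpcap_src s;
    for (size_t i = 0; i < 3; i++)
        if (rpcap_split(urls[i], &s) == 0)
            printf("%s: kind=%d host=[%s] port=[%s] dev=[%s]\n",
                   urls[i], s.kind, s.host, s.port, s.dev);
    return 0;
}
```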