Re: Having hard time creating my capture device

["Fulko Hew" <fulko.hew () gmail com>]

On 8/24/07, Guy Harris <guy () alum mit edu> wrote:
> Audet, Jean-Michel wrote:
>
> > My problem is when I am starting the capture.  My function close is
> > called then the find device loop starts, all the device (including
> > Ethernet, lo, ...) are re-open than close and is stuck in a loop.  Than
> > I got a message from Wireshark that the process just died.
>
> What was the exact message?
>
> It could be that the process crashed, perhaps in your code.



I found a similar symptom when I was debugging my code...

1/ Wireshark actually appears to be a two part application with
   lt-wireshark and lt-dumpcap.
2/ For historical reasons, I had a capture filter defined
   that automatically was included whenever I started Wireshark.
3/ My version allows me to trace WAN protocols too.
4/ Whenever I tried to monitor a WAN port with an IP (like) capture
   filter, lt-dumpcap would die.
5/ Wireshark would display a popup "Child capture process dies: Abort".
   And I'd see the 'finddevice' loop going.

I haven't bother to figure out right now why the BPF compiler doesn't
like the filter when monitoring WANs, so I just ensure that I only
have an appropriate filter when monitoring WAN ports.

For example:

"NOT IP HOST 10.23.0.206" is OK when monitoring Ethernets, but not WANs.
"ether[1] == 0x47"  is OK when monitoring either Ethernets _or_ WANs.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.