Wireshark mailing list archives

Re: How Wireshark supports monitor mode for WLAN 802.11 adapter in Windows?


From: Guy Harris <guy () alum mit edu>
Date: Mon, 4 Jan 2016 12:12:50 -0800


On Jan 4, 2016, at 4:08 AM, Anders Broman <anders.broman () ericsson com> wrote:

> As a test I tried to compile Wireshark with HAVE_PCAP_CREATE set using nmake
>
> Linking dumpcap.exe
>        link @C:\Users\etxrab\AppData\Local\Temp\nmFF17.tmp
> dumpcap.obj : error LNK2019: unresolved external symbol pcap_create referenced in function open_capture_device
>
>         ...
>
> dumpcap.exe : fatal error LNK1120: 9 unresolved externals
>
> Not sure why linking fails :-(

It fails because Wireshark doesn't link directly with WinPcap; it's built to load WinPcap at run time, so that we don't 
need to ship separate versions of Wireshark, one built with WinPcap (to use if you want to capture traffic and are 
willing to install WinPcap) and one not built with WinPcap (if you don't need to capture traffic and don't want WinPcap 
installed).

Therefore, Wireshark has its own versions of all the pcap_ routines, in caputils/capture-wpcap.c, which call the 
underlying WinPcap routines through pointers set by g_module_symbol() after doing a ws_load_module() of WinPcap.

So caputils/capture-wpcap.c would have to be changed to add wrapper routines for pcap_create(), pcap_set_snaplen(), 
pcap_set_promisc(), pcap_can_set_rfmon(), pcap_set_rfmon(), pcap_set_timeout(), pcap_set_buffer_size(), 
pcap_activate(), and pcap_statustostr(), calling them through pointers, and add entries for those functions to the 
symbols[] table in load_wpcap().

Note that, unless dumpcap is changed to, at least on Windows, check at *run-time* whether we have pcap_create() or not, 
and use pcap_open_live() if we don't, the change to caputils/capture-wpcap.c would have to require that all those 
routines are present, and mark WinPcap as not present if they're not.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
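
The two options in the message above (require every new routine and treat the library as absent otherwise, or check at run time and fall back to pcap_open_live()) are shown here as an added C sketch that is not part of the original message and is not Wireshark's code. The resolver callback stands in for g_module_symbol(), and the type names, the `optional` flag, the `strict` switch and the two stand-in libraries are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Added illustration, not Wireshark's capture-wpcap.c; every name here is hypothetical. */
typedef void (*fn_t)(void);
typedef fn_t (*resolver_t)(const char *name); /* stands in for g_module_symbol() */

typedef struct {
    const char *name;
    fn_t *slot;    /* where the resolved pointer is stored */
    int optional;  /* 0: the library is unusable without this symbol */
} symbol_t;
static fn_t p_open_live, p_create, p_activate;
static symbol_t symbols[] = {
    { "pcap_open_live", &p_open_live, 0 },
    { "pcap_create",    &p_create,    1 },
    { "pcap_activate",  &p_activate,  1 },
    { NULL, NULL, 0 }
};

/* Returns 1 if the library is usable. strict != 0 makes every symbol required. */
static int load_symbols(resolver_t resolve, int strict) {
    int ok = 1;
    for (symbol_t *s = symbols; s->name != NULL; s++) {
        *s->slot = resolve(s->name);
        if (*s->slot == NULL && (strict || !s->optional))
            ok = 0;
    }
    if (!ok) /* treat the library as absent: leave no half-filled table behind */
        for (symbol_t *s = symbols; s->name != NULL; s++)
            *s->slot = NULL;
    return ok;
}

/* Run-time check: which open path may be called without hitting a NULL pointer. */
static const char *open_path(void) {
    if (p_create != NULL && p_activate != NULL) return "pcap_create";
    if (p_open_live != NULL) return "pcap_open_live";
    return "none";
}
/* Constructed stand-ins for an older and a newer capture library. */
static void stub(void) {}
static fn_t old_lib(const char *n) { return strcmp(n, "pcap_open_live") == 0 ? stub : NULL; }
static fn_t new_lib(const char *n) { (void)n; return stub; }

int main(void) {
    int ok = load_symbols(old_lib, 0);
    printf("old library: usable=%d, open via %s\n", ok, open_path());
    return 0;
}
```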

