Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: rpcap support seems to have disappeared ...

From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sat, 11 Nov 2017 11:06:58 -0800
On Sat, Nov 11, 2017 at 10:52 AM, Guy Harris <guy () alum mit edu> wrote:

On Nov 11, 2017, at 10:45 AM, Richard Sharpe <realrichardsharpe () gmail com> wrote:


I notice that the latest libpcap git repo calls pcap_open_rpcap from
pcap_open_live ... but I did not check if that is available in 1.5.3
that I have on my dev VM ...


pcap_open_rpcap() itself is probably not available in the 1.5.3 you have; it's part of the remote capture support, 
and that simply wasn't present *at all* in libpcap until recently.  You'll *have* to build a newer libpcap, and use 
that, on your development VM if you want to do remote captures.


Looks that way based on the results from below.


Anyway, assuming that those things work (for some value of "work") the
real problem is that the test in Wireshark's acinclude.m4 only checks
for pcap_open and not pcap_open_live ...


Because libpcap has *always* had pcap_open_live() - if you have libpcap at all, you have pcap_open_live().


Sure. The immediate problem though is that acinclude.m4 assumes that
checking for pcap_open is sufficient and required to enable
HAVE_PCAP_REMOTE.

Having hacked my way around that, it is clear from the resulting build
failures that a more recent version of libpcap is required :-(


However, my first interest is in getting the GTK stuff to show up and
that is controller by HAVE_PCAP_REMOTE ..


To get it to show up *anywhere* in *shark you'll need a newer version of libpcap - or an older version with the 
remote-capture support patched in.  You will *not* get it with any of the existing libpcap releases and, unless the 
supplier of the distribution on your development VM has patched it in, you won't get it with the libpcap in that 
distribution.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe




-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: