Wireshark mailing list archives

Re: If you need a version of rpcapd for Linux, use the one in the libpcap sources


From: Guy Harris <guy () alum mit edu>
Date: Mon, 3 Dec 2018 14:37:37 -0800

On Dec 3, 2018, at 12:01 PM, Richard Sharpe <realrichardsharpe () gmail com> wrote:

> Over the weekend I was doing some work with rpcap.
>
> I stumbled on one on github but that does not work and uses weird data
> link types for regular Ethernet interfaces. I saw this message from
> dumpcap, for example:
>
>    (unknown data link type 3)
>
> However, the version in libpcap/rpcapd works flawlessly with Wireshark
> as far as I can tell.

Yes; the testing I've been doing with it - on macOS, Ubuntu, {Free,Net,Open,DragonFly}BSD, Solaris, and Windows - has
largely been with tcpdump, but that all goes through libpcap, so it should work.  (I fixed a bug in which rpcapd was 
just sending network addresses for interfaces over the wire in raw socket address format; *most* systems have formats 
that happen to be the same over the wire, but Solaris didn't, so pcap_findalldevs_ex() didn't work between Solaris 
clients and other servers and Solaris servers and other clients.)

libpcap and tcpdump get CI builds from both Travis, on Linux and macOS, and Appveyor, on Windows (with both the WinPcap 
and Npcap SDKs); the UN*X builds test both without and with remote-capture support (using both autotools and CMake, 
crossed with both GCC and Clang), and the Windows builds test with remote-capture support.  The tests make sure it 
compiles; they don't test whether remote capture runs - I've tested it, as per the above.

The one at

        https://github.com/rpcapd-linux/rpcapd-linux

is presumably the one you found; it's no longer necessary.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
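
The address-format bug mentioned in the message above, illustrated with an added example that is not part of the original post and is not libpcap's code: an IPv4 socket address is written to the wire field by field instead of copying the host's raw `struct sockaddr`, whose layout differs between systems. The 8-byte layout, `WIRE_AF_INET`, and the function names are hypothetical and are not rpcap's actual message format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical fixed wire layout (assumption, not the rpcap format):
 * bytes 0-1 family code (big-endian), 2-3 port, 4-7 IPv4 address. */
#define WIRE_AF_INET 2u  /* on-wire code, deliberately independent of the host's AF_INET */
#define WIRE_SIN_LEN 8

/* Encode field by field; returns bytes written, or -1 if the address
 * is not IPv4 or the output buffer is too small. */
int wire_encode_sin(const struct sockaddr *sa, uint8_t *out, size_t outlen)
{
    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;

    if (sa->sa_family != AF_INET || outlen < WIRE_SIN_LEN)
        return -1;
    out[0] = 0;
    out[1] = WIRE_AF_INET;
    memcpy(out + 2, &sin->sin_port, 2);        /* already in network byte order */
    memcpy(out + 4, &sin->sin_addr.s_addr, 4); /* already in network byte order */
    return WIRE_SIN_LEN;
}

/* Decode into the local host's own struct layout; returns 0 on success,
 * -1 on truncated input or an unknown family code. */
int wire_decode_sin(const uint8_t *in, size_t inlen, struct sockaddr_in *sin)
{
    if (inlen < WIRE_SIN_LEN)
        return -1;
    if (in[0] != 0 || in[1] != WIRE_AF_INET)
        return -1;
    memset(sin, 0, sizeof *sin);   /* also clears sin_len/padding where present */
    sin->sin_family = AF_INET;     /* host's own constant and field width */
    memcpy(&sin->sin_port, in + 2, 2);
    memcpy(&sin->sin_addr.s_addr, in + 4, 4);
    return 0;
}
```

The receiver rejects short or unrecognized input rather than casting received bytes to its own `struct sockaddr`.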
