Wireshark mailing list archives

Re: Windows dumpcap -i TCP@<IP>


From: James Ko <ko_2_73 () hotmail com>
Date: Wed, 3 Oct 2018 16:22:48 +0000

Just to follow up.  I created bug #15149 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15149) and submitted a fix for review 29894 (https://code.wireshark.org/review/#/c/29894/) based on master.

Do I need to create a separate patch if I need this included in the next 2.6.x release?

James

________________________________
From: James Ko <jim.list () hotmail com>
Sent: Wednesday, September 19, 2018 00:42
To: Developer support list for Wireshark
Subject: Re: Windows dumpcap -i TCP@<IP>

Actually wireshark is not running on the Linux side and this is not using rpcap.

I am using the TCP@ sockets stream support built in to dumpcap rather than extcap or rpcap.

On the linux side I have a TCP server which generates PCAPNG data with SHB and IDB sent to any client connecting 
followed by EPBs.

I have wireshark/dumpcap 2.6.2 on Windows and Linux (Ubuntu 18.04) clients.


James



From: Anders Broman
Sent: Tuesday, September 18, 00:27
Subject: Re: [Wireshark-dev] Windows dumpcap -i TCP@<IP>
To: Developer support list for Wireshark


What version of Wireshark and what Linux version on the remote side? I think some work has been done on rpcap recently, so trying out the development version is an option. https://www.wireshark.org/download/automated/win64/
Regards
Anders

From: Wireshark-dev <wireshark-dev-bounces () wireshark org> On Behalf Of James Ko
Sent: den 18 september 2018 02:22
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Windows dumpcap -i TCP@<IP>

Hi,

I am trying to connect to a remote PCAPNG stream from Windows using the TCP@ socket interface but the connection closes 
immediately after connecting.  The same dumpcap command on linux works just fine to the remote TCP socket.

No errors indicating any failure are printed from dumpcap.exe
C:\>"\Program Files\Wireshark\dumpcap.exe" -i TCP@192.168.1.100 -w -
Capturing on 'TCP@192.168.1.100'
dumcap:

C:\>

On the remote end running in linux I see a connect and disconnect with EPOLLHUP event.

Has anyone else tried or have remote TCP socket connections working with dumpcap in Windows?

James



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
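
The thread describes a TCP server that sends a PCAPNG SHB and IDB to each connecting client, followed by EPBs. The sketch below is an added example of that block sequence, not code from the thread or from Wireshark; the function names, the port number and the sample frame are assumptions made for illustration.

```python
import socket
import struct
import time

SHB_TYPE, IDB_TYPE, EPB_TYPE = 0x0A0D0D0A, 0x00000001, 0x00000006
BYTE_ORDER_MAGIC = 0x1A2B3C4D
LINKTYPE_ETHERNET = 1

# Constructed sample: 60-byte Ethernet frame (broadcast dst, zero payload).
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(46)


def block(block_type: int, body: bytes) -> bytes:
    """Frame a body as a little-endian pcapng block, padded to 32 bits."""
    body += b"\x00" * (-len(body) % 4)
    total = len(body) + 12  # block type + leading and trailing length fields
    return struct.pack("<II", block_type, total) + body + struct.pack("<I", total)


def shb() -> bytes:
    """Section Header Block: magic, version 1.0, section length -1 (unknown)."""
    return block(SHB_TYPE, struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, -1))


def idb(linktype: int = LINKTYPE_ETHERNET, snaplen: int = 262144) -> bytes:
    """Interface Description Block with no options (microsecond timestamps)."""
    return block(IDB_TYPE, struct.pack("<HHI", linktype, 0, snaplen))


def epb(packet: bytes, ts_us: int, iface: int = 0) -> bytes:
    """Enhanced Packet Block: 64-bit timestamp split into high/low words."""
    head = struct.pack("<IIIII", iface, ts_us >> 32, ts_us & 0xFFFFFFFF,
                       len(packet), len(packet))
    return block(EPB_TYPE, head + packet)


def serve(frames, host: str = "127.0.0.1", port: int = 19000) -> None:
    """Send SHB + IDB to the first client, then one EPB per frame."""
    with socket.create_server((host, port)) as srv:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(shb() + idb())
            for frame in frames:
                conn.sendall(epb(frame, time.time_ns() // 1000))


if __name__ == "__main__":
    serve([SAMPLE_FRAME] * 3)  # port 19000 is an assumption for this example
```

Every block repeats its total length at the end, so a reader that sees the connection close before a full SHB arrives has nothing it can parse.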
