Wireshark-bugs: [Wireshark-bugs] [Bug 9565] New: Wireshark will no longer capture from FIFO
Date: Mon, 16 Dec 2013 17:57:08 +0000
Bug ID 9565
Summary Wireshark will no longer capture from FIFO
Classification Unclassified
Product Wireshark
Version 1.11.x (Experimental)
Hardware x86-64
OS Mac OS X 10.8
Status UNCONFIRMED
Severity Normal
Priority Low
Component Wireshark
Assignee bugzilla-admin@wireshark.org
Reporter sean@seanharlow.info

Build Information:
phoenix-w:~ wolrah$ wireshark -v
FIX: packet list heading menu sensitivity 
wireshark 1.11.2 (SVN Rev 53411 from /trunk)

Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.1.1 with GLib 2.36.0, with libpcap, with libz
1.2.3,
without POSIX capabilities, with SMI 0.4.8, without c-ares, without ADNS, with
Lua 5.1, without Python, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT
Kerberos, with GeoIP, without PortAudio, with AirPcap.

Running on Mac OS X 10.8.5, build 12F45 (Darwin 12.5.0), with locale
en_US.UTF-8, with libpcap version 1.1.1, with libz 1.2.5, GnuTLS 2.12.19,
Gcrypt
1.5.0, without AirPcap.
Intel(R) Core(TM)2 Duo CPU     T8300  @ 2.40GHz

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).
--
I often have to capture packets from a variety of *nix appliance devices that
lack any native capture interface or ability to capture in real time, and have
found that in general with anything that has SSH and tcpdump on it I can do the
following:

<Terminal A>
mkfifo /tmp/pcap1
ssh user@host "tcpdump -i eth0 -s 0 -w - not port 22" > /tmp/pcap

<Terminal B>
wireshark -ki /tmp/pcap


On versions 1.10.3 and prior, Wireshark starts, launches X11/XQuartz if
required, and after entering a password in Terminal A if not using key auth I
start to see a near-realtime stream of packets from the remote device.

On version 1.11.2, I simply get the normal interface selection display which
obviously does not list my FIFO as an interface.  Even attempting to set the
"default interface" to /tmp/pcap does not work.  There seems to be no way in
this version to select anything to capture from that Wireshark doesn't see as a
standard network interface.

I have not tested on a non-Mac system so I do not know if this regression in
functionality is across the board for 1.11.x or exclusive to the Qt version.  I
assume the latter, but am not sure since the CLI flags presumably aren't
intended to change and its those I'm trying to use.


You are receiving this mail because:
  • You are watching all bug changes.