Wireshark-users: Re: [Wireshark-users] Installing with libpcap 1.0
From: Brian Rayburn <bgrayburn@xxxxxxxxx>
Date: Mon, 14 Dec 2009 12:07:32 -0500
believe it or not, this problem is still kicking me around (although I haven't really put in any effort since I last responded except:). I have gotten the top of the git-tree libpcap and confirmed it's installation with
ldconfig -p | grep pcap
which returns a nice:
libpcap.so.1 (libc6) => /usr/local/lib/libpcap.so.1
libpcap.so.0.8 (libc6) => /usr/lib/libpcap.so.0.8
libpcap.so (libc6) => /usr/local/lib/libpcap.so
But when I install wireshark, it still uses to the .0.9.8 (through a symbolic link in the 0.8 reference shown above). This I gather from the About Wireshark screen in wireshark which lists the libraries used.
Can I force Wireshark to use the newer version?
ldconfig -p | grep pcap
which returns a nice:
libpcap.so.1 (libc6) => /usr/local/lib/libpcap.so.1
libpcap.so.0.8 (libc6) => /usr/lib/libpcap.so.0.8
libpcap.so (libc6) => /usr/local/lib/libpcap.so
But when I install wireshark, it still uses to the .0.9.8 (through a symbolic link in the 0.8 reference shown above). This I gather from the About Wireshark screen in wireshark which lists the libraries used.
Can I force Wireshark to use the newer version?
On Fri, Sep 18, 2009 at 12:08 PM, Brian Rayburn <bgrayburn@xxxxxxxxx> wrote:
Well my work is a bit tight on security so I'll have to get the top of the git-tree version this weekend. I misspoke when I said it was installed with libpcap .9. More specifically under the "About Wireshark" option under the Help drop down menu, it says "Running on Linux 2.6.24-22-generic, with libpcap version 0.9.8." Could this be wrong? If so how would I check that? If this isn't wrong, how do I instruct Wireshark to run with the later version I've I'm still getting used to the inner works of *nix so I strongly appreciate your patience and clear explanation.
Date: Thu, 10 Sep 2009 12:16:41 -0700
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Installing with libpcap 1.0
To: Community support list for Wireshark
<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <90BF45DE-2D55-4E88-BC12-A0779C372F62@xxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii; format=flowed; delsp=yesBy "installs with" do you mean "runs with"? I don't think any debs
On Sep 10, 2009, at 12:01 PM, Brian Rayburn wrote:
> So I'm running Ubuntu and installing wireshark with apt-get. I
> installed libpcap 1.0 before installing wireshark using autoconf but
> wireshark still installs with libpcap .9.
for Wireshark themselves *include* a deb for libpcap; however, as
they're probably built with a libpcap shared library, they probably
*depend* on the libpcap deb.
I hope that dependence can be, and is, expressed as "needs libpcap .9
*or later*", so it doesn't *fail* if 1.0 is installed. Given that
libpcap 1.0 is binary-compatible with earlier versions, it should, if
possible, be so expressed.
Unfortunately, the "obvious" version number of libpcap 0.x is 0 and
the "obvious" version number of libpcap 1.x is 1, so, unless the
packagers have, for example, either
1) ignored that and called it libpcap.0
or
2) added the appropriate symlinks so that programs expecting a
libpcap.0 shared library will be linked with the libpcap.1 shared
library
that binary compatibility won't actually work.
On top of that, I infer that "I installed libpcap 1.0 before
installing wireshark using autoconf" means you built libpcap 1.0 from
source and installed it; libpcap 1.0, by default, builds and installs
only a static library, which means that only programs that you compile
with that version of libpcap after you install that version will use
it - Wireshark, which is probably dynamically linked with libpcap,
won't.
However:...what you *really* want in order to sniff USB messages is the top-of-
> I need 1.0 in order to sniff USB messages.
Git-tree version of libpcap, as that fixes a bunch of bugs in USB
sniffing.
Another advantage of the top-of-Git-tree version of libpcap is that...
...it builds and installs a shared library by default on most
platforms, including Linux.
It won't *replace* the libpcap on your system by default, as it'll
install libpcap in /usr/local/lib rather than /usr/lib.
- Follow-Ups:
- Re: [Wireshark-users] Installing with libpcap 1.0
- From: Stephen Fisher
- Re: [Wireshark-users] Installing with libpcap 1.0
- Prev by Date: [Wireshark-users] I would like to ask my following two questions:
- Next by Date: Re: [Wireshark-users] Capture Filter Inquiry
- Previous by thread: Re: [Wireshark-users] I would like to ask my following two questions:
- Next by thread: Re: [Wireshark-users] Installing with libpcap 1.0
- Index(es):