On Dec 3, 2018, at 12:01 PM, Richard Sharpe <realrichardsha...@gmail.com> wrote:
> Over the weekend I was doing some work with rpcap.
>
> I stumbled on one on github but that does not work and uses weird data
> link types for regular Ethernet interfaces. I saw this message from
> dumpcap, for example:
>
> (unknown data link type 3)
>
> However, the version in libpcap/rpcapd works flawlessly with Wireshark
> as far a I can tell.
Yes; the testing I've been doing with it - on macOS, Ubuntu,
{Free,Net,Open,DragonFly }BSD, Solaris, and Windows - has largely been with
tcpdump, but that all goes through libpcap, so it should work. (I fixed a bug
in which rpcapd was just sending network addresses for interfaces over the wire
in raw socket address format; *most* systems have formats that happen to be the
same over the wire, but Solaris didn't, so pcap_findalldevs_ex() didn't work
between Solaris clients and other servers and Solaris servers and other
clients.)
libpcap and tcpdump get CI builds from both Travis, on Linux and macOS, and
Appveyor, on Windows (with both the WinPcap and Npcap SDKs); the UN*X builds
test both without and with remote-capture support (using both autotools and
CMake, crossed with both GCC and Clang), and the Windows builds test with
remote-capture support. The tests make sure it compiles; they don't test
whether remote capture runs - I've tested it, as per the above.
The one at
https://github.com/rpcapd-linux/rpcapd-linux
is presumably the one you found; it's no longer necessary.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
