I just built libpcap-1.2.1 and tcpdump-4.2.1 on CentOS 6.2.
If I read a pcap-ng capture file from the Hone project, or one written by
Wireshark 1.7.2 on XP with the default filter, I get a message "snaplen
of 0 rejects all packets" and tcpdump displays no packets.
If I capture data with Wireshark with a maximum packet length of 65535,
or shorter, and save it as pcapng, I can read it in tcpdump.
I can't capture data from Hone, even with -s (tcpdump -r /dev/hone -s 500),
and I can't build a Wireshark that supports pcapng on RHEL 6 (glib in
latest release is too old).
Is there a way around this problem?
--
Andrew Daviel, TRIUMF, Canada
-
This is the tcpdump-workers list.