Re: how to read a live changing capture file with a tcpdump or wireshark like with tail for a file.
thanks Jason. netcat seems suited for this. I will check this out. Best Regards, Mubeesh On Wed, Mar 2, 2011 at 8:42 PM, Jason C. Wells j...@speakeasy.net wrote: On 03/01/11 08:07, Mubeesh ali wrote: Hi , We do wifi troubleshooting and are planning to use kismet for wireless captures. It produces a file that will be written into every 300 secs(configurable value ,we use 30 secs). While comparing with a expensive windows sniffer like Omnipeek the only disadvantage of this free tool is we have to continoulsly do tcpdump -r filename.pcap as the file changes. same with wireshark we need to hit the refresh button. Is there something equivalent to 'tail' for changing files for reading pcap files ? Appreciate any suggestions. netcat? -- Best Regards, Mubeesh Ali.V.M ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
how to read a live changing capture file with a tcpdump or wireshark like with tail for a file.
Hi , We do wifi troubleshooting and are planning to use kismet for wireless captures. It produces a file that will be written into every 300 secs(configurable value ,we use 30 secs). While comparing with a expensive windows sniffer like Omnipeek the only disadvantage of this free tool is we have to continoulsly do tcpdump -r filename.pcap as the file changes. same with wireshark we need to hit the refresh button. Is there something equivalent to 'tail' for changing files for reading pcap files ? Appreciate any suggestions. -- Best Regards, Mubeesh Ali.V.M ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Wireshark
On Thu, 11 Sep 2008 19:38:50 -0400, matt donovan wrote On Thu, Sep 11, 2008 at 7:32 PM, Christopher Cowart [EMAIL PROTECTED] wrote: Grant Peel wrote: Just attempting to install the port. Something I noticed when the install crapped out was that it wanted me to use the Force Package Register for the OpenSSL_Overwrite_Base port. That port was already installed, what would be the correct method to deal with this? I usually only see this error with ports we've written in-house. Usually it happens because the dependency check on a specific file is bad. The check fails, which causes the port to believe it needs to install the dependency, but the package registry gets upset because the package is already installed and it doesn't think it needs to be reinstalled. If these are real ports, you might want to report the brokenness. You'll probably find that you can FORCE_PKG_REGISTER=1 and leave it at that (though I typically treat it as a last resort and instead opt for fixing the port). -- Chris Cowart Network Technical Lead Network Infrastructure Services, RSSP-IT UC Berkeley I wrote this but gmail default reply is not reply-all go to the openssl port and run make replace and it should replace base but I actually don't really suggest it. since I don't really see a need to even from wireshark which I have installed without overwriting openssl_base ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Matt, Chris, First off, thanks for taking the time to reply :-) I am afraid however, that you have completely lost me. This is not the first time I have installed a port, and the reccommendation to use 'FORCE_PACKAGE_REGISTER has been seen. Unfortunately, I have no idea what port you guys are suggesting is really broken, is it the OpenSSL_Overwrite_Base or the one I am trying to install? If it is the OpenSSL one, can you explain in simple terms how I should deal with it? TIA, -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Wireshark
On Sep 12, 2008, at 5:39 AM, gpeel wrote: On Thu, 11 Sep 2008 19:38:50 -0400, matt donovan wrote On Thu, Sep 11, 2008 at 7:32 PM, Christopher Cowart [EMAIL PROTECTED] wrote: Grant Peel wrote: Just attempting to install the port. Something I noticed when the install crapped out was that it wanted me to use the Force Package Register for the OpenSSL_Overwrite_Base port. That port was already installed, what would be the correct method to deal with this? I usually only see this error with ports we've written in-house. Usually it happens because the dependency check on a specific file is bad. The check fails, which causes the port to believe it needs to install the dependency, but the package registry gets upset because the package is already installed and it doesn't think it needs to be reinstalled. If these are real ports, you might want to report the brokenness. You'll probably find that you can FORCE_PKG_REGISTER=1 and leave it at that (though I typically treat it as a last resort and instead opt for fixing the port). -- Chris Cowart Network Technical Lead Network Infrastructure Services, RSSP-IT UC Berkeley I wrote this but gmail default reply is not reply-all go to the openssl port and run make replace and it should replace base but I actually don't really suggest it. since I don't really see a need to even from wireshark which I have installed without overwriting openssl_base ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Matt, Chris, First off, thanks for taking the time to reply :-) I am afraid however, that you have completely lost me. This is not the first time I have installed a port, and the reccommendation to use 'FORCE_PACKAGE_REGISTER has been seen. Unfortunately, I have no idea what port you guys are suggesting is really broken, is it the OpenSSL_Overwrite_Base or the one I am trying to install? If it is the OpenSSL one, can you explain in simple terms how I should deal with it? If you use FORCE_PACKAGE_REGISTER=yes and it still fails take a look to see what is actually installed. pkg_info -ia | grep Open_SSL The suggest installing portupgrade. Once that's complete you can portupgrade the port related to Open_SSL to see if that steps around the issue. m! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Wireshark
Grant Peel wrote: Hi CHris, Just attempting to install the port. Something I noticed when the install crapped out was that it wanted me to use the Force Package Register for the OpenSSL_Overwrite_Base port. That port was already installed, what would be the correct method to deal with this? -Grant - Original Message - From: Christopher Cowart [EMAIL PROTECTED] To: Grant Peel [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Thursday, September 11, 2008 6:18 PM Subject: Re: Wireshark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I've found this sometimes happens if the port is checking for a specific version of a dependancy and the version you have is older. Therefore the dependency check fails and it tries to install, but the package manager won't let it because of the existing version. You can deinstall OpenSSL_Overwrite_Base first and it will probebly work fine. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Wireshark
OK, So I am using https, and, while doing all this, will be connected via PuTTy through ssh. Will I be disconnected ? Deingstalling the port won't kill my connection or cause general weirdness to people using https? -Grant - Original Message - From: Chris St Denis [EMAIL PROTECTED] To: Grant Peel [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org; Christopher Cowart [EMAIL PROTECTED] Sent: Friday, September 12, 2008 2:46 PM Subject: Re: Wireshark Grant Peel wrote: Hi CHris, Just attempting to install the port. Something I noticed when the install crapped out was that it wanted me to use the Force Package Register for the OpenSSL_Overwrite_Base port. That port was already installed, what would be the correct method to deal with this? -Grant - Original Message - From: Christopher Cowart [EMAIL PROTECTED] To: Grant Peel [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Thursday, September 11, 2008 6:18 PM Subject: Re: Wireshark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I've found this sometimes happens if the port is checking for a specific version of a dependancy and the version you have is older. Therefore the dependency check fails and it tries to install, but the package manager won't let it because of the existing version. You can deinstall OpenSSL_Overwrite_Base first and it will probebly work fine. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Wireshark
I have never tried this with OpenSSL so I can't be certain (I just use base openssl) but as long as the libraries are already open, deleting them should be ok since the open file handle will remain valid. Starting a new SSH connection may not work between the deinstall and install step, and apache may get upset if it happens to fork a new process in that time, but overall it should be ok, You'll want to restart sshd and apache after the install is done so they puck up the new version. If you are worried about getting disconnected between the 2 steps run them as a single command make deinstall; make install inside screen (ports/sysutils/screen) or something so it will run to completion even if you get disconnected. Grant Peel wrote: OK, So I am using https, and, while doing all this, will be connected via PuTTy through ssh. Will I be disconnected ? Deingstalling the port won't kill my connection or cause general weirdness to people using https? -Grant - Original Message - From: Chris St Denis [EMAIL PROTECTED] To: Grant Peel [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org; Christopher Cowart [EMAIL PROTECTED] Sent: Friday, September 12, 2008 2:46 PM Subject: Re: Wireshark Grant Peel wrote: Hi CHris, Just attempting to install the port. Something I noticed when the install crapped out was that it wanted me to use the Force Package Register for the OpenSSL_Overwrite_Base port. That port was already installed, what would be the correct method to deal with this? -Grant - Original Message - From: Christopher Cowart [EMAIL PROTECTED] To: Grant Peel [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Thursday, September 11, 2008 6:18 PM Subject: Re: Wireshark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I've found this sometimes happens if the port is checking for a specific version of a dependancy and the version you have is older. Therefore the dependency check fails and it tries to install, but the package manager won't let it because of the existing version. You can deinstall OpenSSL_Overwrite_Base first and it will probebly work fine. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Chris St Denis Programmer SmarttNet (www.smartt.com) Ph: 604-473-9700 Ext. 200 --- Smart Internet Solutions For Businesses ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Wireshark
Hi all, I recently became aware of a utility called Wireshark (apparently formerly 'EtherReal), and was showing a running copy on Windoze. It apprears that it would be awsome for diagnosing network issues (such as DoS attacks, Email bombs etc. My question is: Does the version in /usr/ports/net/wireshark require X11 to run, or can it be run from the command line with straight text output? (I dont have/want X on the servers). -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Wireshark
Does the version in /usr/ports/net/wireshark require X11 to run, or can it be run from the command line with straight text output? (I dont have/want X on the servers). -Grant You can use tcpdump and bring the dump file to your local machine where you can use wireshark. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Wireshark
Grant Peel wrote: Hi all, I recently became aware of a utility called Wireshark (apparently formerly 'EtherReal), and was showing a running copy on Windoze. It apprears that it would be awsome for diagnosing network issues (such as DoS attacks, Email bombs etc. My question is: Does the version in /usr/ports/net/wireshark require X11 to run, or can it be run from the command line with straight text output? (I dont have/want X on the servers). It looks like the port respects the WITHOUT_X11 knob. I believe you get the command tshark if you don't have the GUI, which can do similar packet analysis and display in text form. I believe tshark can be used almost exactly like tcpdump for watching live traffic, but it can also read in tcpdump trace files. -- Chris Cowart Network Technical Lead Network Infrastructure Services, RSSP-IT UC Berkeley pgp9eZCzFleoX.pgp Description: PGP signature
Re: Wireshark
Hi CHris, Just attempting to install the port. Something I noticed when the install crapped out was that it wanted me to use the Force Package Register for the OpenSSL_Overwrite_Base port. That port was already installed, what would be the correct method to deal with this? -Grant - Original Message - From: Christopher Cowart [EMAIL PROTECTED] To: Grant Peel [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Thursday, September 11, 2008 6:18 PM Subject: Re: Wireshark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Wireshark
Grant Peel wrote: Just attempting to install the port. Something I noticed when the install crapped out was that it wanted me to use the Force Package Register for the OpenSSL_Overwrite_Base port. That port was already installed, what would be the correct method to deal with this? I usually only see this error with ports we've written in-house. Usually it happens because the dependency check on a specific file is bad. The check fails, which causes the port to believe it needs to install the dependency, but the package registry gets upset because the package is already installed and it doesn't think it needs to be reinstalled. If these are real ports, you might want to report the brokenness. You'll probably find that you can FORCE_PKG_REGISTER=1 and leave it at that (though I typically treat it as a last resort and instead opt for fixing the port). -- Chris Cowart Network Technical Lead Network Infrastructure Services, RSSP-IT UC Berkeley pgpj2qcYkGK8K.pgp Description: PGP signature
Re: Wireshark
On Thu, Sep 11, 2008 at 7:32 PM, Christopher Cowart [EMAIL PROTECTED] wrote: Grant Peel wrote: Just attempting to install the port. Something I noticed when the install crapped out was that it wanted me to use the Force Package Register for the OpenSSL_Overwrite_Base port. That port was already installed, what would be the correct method to deal with this? I usually only see this error with ports we've written in-house. Usually it happens because the dependency check on a specific file is bad. The check fails, which causes the port to believe it needs to install the dependency, but the package registry gets upset because the package is already installed and it doesn't think it needs to be reinstalled. If these are real ports, you might want to report the brokenness. You'll probably find that you can FORCE_PKG_REGISTER=1 and leave it at that (though I typically treat it as a last resort and instead opt for fixing the port). -- Chris Cowart Network Technical Lead Network Infrastructure Services, RSSP-IT UC Berkeley I wrote this but gmail default reply is not reply-all go to the openssl port and run make replace and it should replace base but I actually don't really suggest it. since I don't really see a need to even from wireshark which I have installed without overwriting openssl_base ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: wireshark
Sorry for my late reply. I have been a bit busy... ] On 7 apr 2008, at 21:21, Lowell Gilbert wrote: FreeBSD.Arno [EMAIL PROTECTED] writes: Hi Lowell, thanks for your response, On 7 apr 2008, at 16:23, Lowell Gilbert wrote: FreeBSD.Arno [EMAIL PROTECTED] writes: I installed wireshark on my computer and got this error trying to run it: /libexec/ld-elf.so.1: /usr/local/lib/libhx509.so.2: Undefined symbol oid_id_pkcs1_rsaEncryption That library doesn't even exist on my machine that has wireshark installed from ports. that's strange... what version do you run? i have version 0.99.8 I don't run it, I just built it long enough to check for you. oh, thank you very much for that! I just did a make config, disabling everything and 'make install clean' even now: [EMAIL PROTECTED] ldd /usr/local/bin/wireshark | grep libhx509 libhx509.so.2 = /usr/local/lib/libhx509.so.2 (0x2a69b000) I used the default configurations: # This file is auto-generated by 'make config'. # No user-servicable parts inside! # Options for wireshark-0.99.8_2 _OPTIONS_READ=wireshark-0.99.8_2 WITHOUT_RTP=true WITH_SNMP=true WITH_ADNS=true WITH_PCRE=true WITH_IPV6=true i tried compiling with and without all the settings, so far without any success I've found some posts of people reporting the same problem, but none of them mention a solution. http://www.mail-archive.com/[EMAIL PROTECTED]/msg10746.html Did anyone solve this problem yet? uname -a: FreeBSD ip 7.0-STABLE FreeBSD 7.0-STABLE #18: Mon Mar 31 17:48:52 CEST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/KERNEL_7 i386 Figure out where that library comes from, and rebuild it and maybe its dependencies? i found there's a bug reported here for subversion, but i don;t have that installed http://www.freebsd.org/cgi/query-pr.cgi?pr=118310 i also found heimdal using this it an people reporting he same error i installed heimdal but the problem remained the same i'll try to figure out why wireshark needs this lib on one machine and not on the other... The key clue is probably in what provides that library. Which is Heimdal, so that *should* provide the library. I did search for heimdal on my system before, but i thought it was a port and not part of the base system My mistake... I'm looking into that now and am building kernel and world from the latest sources atm. I'll post the results when that's done... Did you install wireshark from a package? That may have been built with a different set of options and/or for a different FreeBSD release. I compiled from sources: cd /usr/port/net/wireshark/ make install clean gr Arno ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: wireshark
FreeBSD.Arno [EMAIL PROTECTED] writes: I installed wireshark on my computer and got this error trying to run it: /libexec/ld-elf.so.1: /usr/local/lib/libhx509.so.2: Undefined symbol oid_id_pkcs1_rsaEncryption That library doesn't even exist on my machine that has wireshark installed from ports. I've found some posts of people reporting the same problem, but none of them mention a solution. http://www.mail-archive.com/[EMAIL PROTECTED]/msg10746.html Did anyone solve this problem yet? uname -a: FreeBSD ip 7.0-STABLE FreeBSD 7.0-STABLE #18: Mon Mar 31 17:48:52 CEST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/KERNEL_7 i386 Figure out where that library comes from, and rebuild it and maybe its dependencies? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: wireshark
Hi Lowell, thanks for your response, On 7 apr 2008, at 16:23, Lowell Gilbert wrote: FreeBSD.Arno [EMAIL PROTECTED] writes: I installed wireshark on my computer and got this error trying to run it: /libexec/ld-elf.so.1: /usr/local/lib/libhx509.so.2: Undefined symbol oid_id_pkcs1_rsaEncryption That library doesn't even exist on my machine that has wireshark installed from ports. that's strange... what version do you run? i have version 0.99.8 I just did a make config, disabling everything and 'make install clean' even now: [EMAIL PROTECTED] ldd /usr/local/bin/wireshark | grep libhx509 libhx509.so.2 = /usr/local/lib/libhx509.so.2 (0x2a69b000) I've found some posts of people reporting the same problem, but none of them mention a solution. http://www.mail-archive.com/[EMAIL PROTECTED]/msg10746.html Did anyone solve this problem yet? uname -a: FreeBSD ip 7.0-STABLE FreeBSD 7.0-STABLE #18: Mon Mar 31 17:48:52 CEST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/KERNEL_7 i386 Figure out where that library comes from, and rebuild it and maybe its dependencies? i found there's a bug reported here for subversion, but i don;t have that installed http://www.freebsd.org/cgi/query-pr.cgi?pr=118310 i also found heimdal using this it an people reporting he same error i installed heimdal but the problem remained the same i'll try to figure out why wireshark needs this lib on one machine and not on the other... thanks Arno ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: wireshark
FreeBSD.Arno [EMAIL PROTECTED] writes: Hi Lowell, thanks for your response, On 7 apr 2008, at 16:23, Lowell Gilbert wrote: FreeBSD.Arno [EMAIL PROTECTED] writes: I installed wireshark on my computer and got this error trying to run it: /libexec/ld-elf.so.1: /usr/local/lib/libhx509.so.2: Undefined symbol oid_id_pkcs1_rsaEncryption That library doesn't even exist on my machine that has wireshark installed from ports. that's strange... what version do you run? i have version 0.99.8 I don't run it, I just built it long enough to check for you. I just did a make config, disabling everything and 'make install clean' even now: [EMAIL PROTECTED] ldd /usr/local/bin/wireshark | grep libhx509 libhx509.so.2 = /usr/local/lib/libhx509.so.2 (0x2a69b000) I used the default configurations: # This file is auto-generated by 'make config'. # No user-servicable parts inside! # Options for wireshark-0.99.8_2 _OPTIONS_READ=wireshark-0.99.8_2 WITHOUT_RTP=true WITH_SNMP=true WITH_ADNS=true WITH_PCRE=true WITH_IPV6=true I've found some posts of people reporting the same problem, but none of them mention a solution. http://www.mail-archive.com/[EMAIL PROTECTED]/msg10746.html Did anyone solve this problem yet? uname -a: FreeBSD ip 7.0-STABLE FreeBSD 7.0-STABLE #18: Mon Mar 31 17:48:52 CEST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/KERNEL_7 i386 Figure out where that library comes from, and rebuild it and maybe its dependencies? i found there's a bug reported here for subversion, but i don;t have that installed http://www.freebsd.org/cgi/query-pr.cgi?pr=118310 i also found heimdal using this it an people reporting he same error i installed heimdal but the problem remained the same i'll try to figure out why wireshark needs this lib on one machine and not on the other... The key clue is probably in what provides that library. Which is Heimdal, so that *should* provide the library. Did you install wireshark from a package? That may have been built with a different set of options and/or for a different FreeBSD release. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
wireshark
Hello, I installed wireshark on my computer and got this error trying to run it: /libexec/ld-elf.so.1: /usr/local/lib/libhx509.so.2: Undefined symbol oid_id_pkcs1_rsaEncryption I've found some posts of people reporting the same problem, but none of them mention a solution. http://www.mail-archive.com/[EMAIL PROTECTED]/msg10746.html Did anyone solve this problem yet? uname -a: FreeBSD ip 7.0-STABLE FreeBSD 7.0-STABLE #18: Mon Mar 31 17:48:52 CEST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/KERNEL_7 i386 thanks in advance Arno ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Further questions on making wireshark work
Hi, Many thanks to Eric for pointing me in the correct direction with Wireshark and Ethereal. Interestingly, I couldn't find the directory (or the port) for wireshark on my system but did find the references to it on www.freshports.org. So, I downloaded the pre-compiled package for wireshark from freebsd.org and installed wireshark that way. Now, when I try to start the program, I get the following error message: /libexec/ld-elf.so.1: Shared object libnetsnmp.so.10 not found, required by wireshark I know that this error is coming from the linker. However, I'm not sure how to fix it because I checked and the net-snmp port is loaded on my system. How do I get this shared object so that I can use wireshark? By the way, I didn't do a force install even if some dependencies are absent. I simply did pkg_add wireshare-xxx. I actually had to install a few extra packages that were lacking on my system for the pkg_add to work. Thanks, andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Further questions on making wireshark work
On Fri, 11 May 2007, Andrew Falanga wrote: Hi, Many thanks to Eric for pointing me in the correct direction with Wireshark and Ethereal. Interestingly, I couldn't find the directory (or the port) for wireshark on my system but did find the references to it on www.freshports.org. So, I downloaded the pre-compiled package for wireshark from freebsd.org and installed wireshark that way. Now, when I try to start the program, I get the following error message: /libexec/ld-elf.so.1: Shared object libnetsnmp.so.10 not found, required by wireshark I know that this error is coming from the linker. However, I'm not sure how to fix it because I checked and the net-snmp port is loaded on my system. How do I get this shared object so that I can use wireshark? By the way, I didn't do a force install even if some dependencies are absent. I simply did pkg_add wireshare-xxx. I actually had to install a few extra packages that were lacking on my system for the pkg_add to work. I can't offer feedback on any of the questions. However, I see wireshark in the ports tree here: /usr/ports/net/wireshark ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Further questions on making wireshark work
I can't offer feedback on any of the questions. However, I see wireshark in the ports tree here: /usr/ports/net/wireshark Yes, that's where it's supposed to be. It's a real curiosity that I don't have it even after doing a cvsup. Andy ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Further questions on making wireshark work
On Fri, 11 May 2007, Andrew Falanga wrote: I can't offer feedback on any of the questions. However, I see wireshark in the ports tree here: /usr/ports/net/wireshark Yes, that's where it's supposed to be. It's a real curiosity that I don't have it even after doing a cvsup. I use portsnap myself. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Further questions on making wireshark work
On Friday 11 May 2007 02:06:32 pm Andrew Falanga wrote: Hi, Many thanks to Eric for pointing me in the correct direction with Wireshark and Ethereal. Interestingly, I couldn't find the directory (or the port) for wireshark on my system but did find the references to it on www.freshports.org. So, I downloaded the pre-compiled package for wireshark from freebsd.org and installed wireshark that way. Now, when I try to start the program, I get the following error message: /libexec/ld-elf.so.1: Shared object libnetsnmp.so.10 not found, required by wireshark I know that this error is coming from the linker. However, I'm not sure how to fix it because I checked and the net-snmp port is loaded on my system. How do I get this shared object so that I can use wireshark? By the way, I didn't do a force install even if some dependencies are absent. I simply did pkg_add wireshare-xxx. I actually had to install a few extra packages that were lacking on my system for the pkg_add to work. Thanks, andy Try cvsuping your ports tree if wireshark isn't located at: /usr/ports/net/wireshark I would try that before anything else. Thats because trying to deal with packages after I've updated everything else usually turns out to be far more keystrokes than 'make install clean'. :) HTH. WizLayer -- Life is better with a BSD. For more info, www.bsd.org. pgpfVd5ZjmTCb.pgp Description: PGP signature
i can't find available device in wireshark?
hey all. i can't find any available device in the list i notice it depends bpf but i already have device bpf # Berkeley packet filter in my kernel config where is wrong? $ ifconfig rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=8VLAN_MTU inet 192.168.5.1 netmask 0xff00 broadcast 192.168.5.255 ether 4c:00:10:b4:1d:d2 media: Ethernet autoselect (100baseTX full-duplex) status: active nve0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet 192.168.6.1 netmask 0xff00 broadcast 192.168.6.255 ether 00:16:e6:84:e6:3e media: Ethernet autoselect (100baseTX full-duplex) status: active lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1492 inet 219.13x.xxx.xxx -- 58.52x.xxx.xxx netmask 0x Opened by PID 874 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: i can't find available device in wireshark?
In response to lveax [EMAIL PROTECTED]: i can't find any available device in the list i notice it depends bpf but i already have device bpf # Berkeley packet filter in my kernel config where is wrong? $ ifconfig rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=8VLAN_MTU inet 192.168.5.1 netmask 0xff00 broadcast 192.168.5.255 ether 4c:00:10:b4:1d:d2 media: Ethernet autoselect (100baseTX full-duplex) status: active nve0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet 192.168.6.1 netmask 0xff00 broadcast 192.168.6.255 ether 00:16:e6:84:e6:3e media: Ethernet autoselect (100baseTX full-duplex) status: active lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 tun0: flags=8051UP,POINTOPOINT,RUNNING,MULTICAST mtu 1492 inet 219.13x.xxx.xxx -- 58.52x.xxx.xxx netmask 0x Opened by PID 874 Did you run it as root? What does wireshark -D say? If I run my as non-root: $ wireshark -D wireshark: There are no interfaces on which a capture can be done But it works fine when run as root. -- Bill Moran Collaborative Fusion Inc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: i can't find available device in wireshark?
Bill Moran wrote: Did you run it as root? What does wireshark -D say? If I run my as non-root: $ wireshark -D wireshark: There are no interfaces on which a capture can be done But it works fine when run as root. just add something like this: [bpf=100] add path 'bpf*' mode 0660 group wheel to your /etc/devfs.rules and devfs_set_rulesets=/dev=bpf to /etc/rc.d Then reboot or do sudo /etc/rc.d/devfs restart Make sure that you are in wheel group, or just change rule. You can read more if you do man devfs man devfs.rules ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
