Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2020-04-30 09:34:17 +0000

Guy Harris gravatar image

How do you enable rpcap support via external interfaces in wireshark on linux (e.g. Debian)?

That's not a function of Wireshark, it's a function of libpcap; if Wireshark is built with a version of libpcap that supports it, it'll support it, otherwise it won't.

By default, libpcap on UN*Xes is built without libpcap support, as it increases the "attack surface" of libpcap. The current version should be robust against a malicious server, but we (the libpcap developers) aren't at the point where we'd want to enable it by default yet. I don't know of any UN*X systems that ship libpcap and that have enabled remote support.

Therefore, you'll need to build libpcap from source (I'd recommend the latest version from www.tcpdump.org), install it, and then:

  1. remove the build directory you used to build Wireshark;
  2. re-create it, re-run CMake, and build it.

When you build libpcap from source:

  • if you're using autotools for the libpcap build, run the configure script with --enable-remote;
  • if you're using CMake for the libpcap build, run CMake with -DENALBE_REMOTE=YES

so that remote capture is enabled in libpcap.

click to hide/show revision 2
No.2 Revision

updated 2020-04-30 10:56:08 +0000

grahamb gravatar image

How do you enable rpcap support via external interfaces in wireshark on linux (e.g. Debian)?

That's not a function of Wireshark, it's a function of libpcap; if Wireshark is built with a version of libpcap that supports it, it'll support it, otherwise it won't.

By default, libpcap on UN*Xes is built without libpcap support, as it increases the "attack surface" of libpcap. The current version should be robust against a malicious server, but we (the libpcap developers) aren't at the point where we'd want to enable it by default yet. I don't know of any UN*X systems that ship libpcap and that have enabled remote support.

Therefore, you'll need to build libpcap from source (I'd recommend the latest version from www.tcpdump.org), install it, and then:

  1. remove the build directory you used to build Wireshark;
  2. re-create it, re-run CMake, and build it.

When you build libpcap from source:

  • if you're using autotools for the libpcap build, run the configure script with --enable-remote;
  • if you're using CMake for the libpcap build, run CMake with -DENALBE_REMOTE=YES-DENABLE_REMOTE=YES

so that remote capture is enabled in libpcap.

How do you enable rpcap support via external interfaces in wireshark on linux (e.g. Debian)?

That's not a function of Wireshark, it's a function of libpcap; if Wireshark is built with a version of libpcap that supports it, it'll support it, otherwise it won't.

By default, libpcap on UN*Xes is built without libpcap rpcap support, as it increases the "attack surface" of libpcap. The current version should be robust against a malicious server, but we (the libpcap developers) aren't at the point where we'd want to enable it by default yet. I don't know of any UN*X systems that ship libpcap and that have enabled remote support.

Therefore, you'll need to build libpcap from source (I'd recommend the latest version from www.tcpdump.org), install it, and then:

  1. remove the build directory you used to build Wireshark;
  2. re-create it, re-run CMake, and build it.

When you build libpcap from source:

  • if you're using autotools for the libpcap build, run the configure script with --enable-remote;
  • if you're using CMake for the libpcap build, run CMake with -DENABLE_REMOTE=YES

so that remote capture is enabled in libpcap.