How do you enable rpcap support via external interfaces in Wireshark on Linux (e.g. Debian)?

That's not a function of Wireshark, it's a function of libpcap; if Wireshark is built with a version of libpcap that supports it, it'll support it, otherwise it won't.

By default, libpcap on UN*Xes is built without rpcap support, as it increases the "attack surface" of libpcap. The current version should be robust against a malicious server, but we (the libpcap developers) aren't at the point where we'd want to enable it by default yet. I don't know of any UN*X systems that ship libpcap and that have enabled remote support.

Therefore, you'll need to build libpcap from source (I'd recommend the latest version from www.tcpdump.org), install it, and then:

  1. remove the build directory you used to build Wireshark;
  2. re-create it, re-run CMake, and build it.

When you build libpcap from source:

  • if you're using autotools for the libpcap build, run the configure script with --enable-remote;
  • if you're using CMake for the libpcap build, run CMake with -DENABLE_REMOTE=YES

so that remote capture is enabled in libpcap.
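
To confirm which kind of libpcap a system has after the build described above (or to audit whether a host carries the extra rpcap attack surface), the following is an added example, not code from the answer's author or from the libpcap or Wireshark projects. It assumes that `pcap_open`, `pcap_findalldevs_ex` and `pcap_remoteact_list` are exported only by a remote-enabled UN*X build; the script name and library path in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not libpcap or Wireshark code): decide from a libpcap shared
# library's exported symbols whether it was built with remote capture enabled.
# Assumption: these three functions are exported only by a remote-enabled
# UN*X build of libpcap.
REMOTE_SYMS="pcap_open pcap_findalldevs_ex pcap_remoteact_list"

# Reads `nm -D --defined-only` output on stdin and prints, in the order of
# REMOTE_SYMS, each remote-capture function that is defined in the library.
remote_syms_in() {
    awk -v want="$REMOTE_SYMS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        NF >= 2 && ($(NF-1) == "T" || $(NF-1) == "W") {
            sym = $NF
            sub(/@.*/, "", sym)          # strip a symbol-version suffix
            if (sym in need) found[sym] = 1
        }
        END { for (i = 1; i <= n; i++) if (w[i] in found) print w[i] }'
}

# Succeeds only if every function in REMOTE_SYMS is defined.
has_remote_support() {
    [ "$(remote_syms_in | tr '\n' ' ')" = "$REMOTE_SYMS " ]
}

# Constructed nm output (addresses and version tags are made up).
SAMPLE_REMOTE='0000000000011a40 T pcap_activate@@Base
0000000000027c10 T pcap_findalldevs_ex@@Base
0000000000027f30 T pcap_open@@Base
000000000002a950 T pcap_remoteact_list@@Base'
SAMPLE_DEFAULT='0000000000011a40 T pcap_activate@@Base
0000000000012b80 T pcap_findalldevs@@Base
0000000000013350 T pcap_open_live@@Base
                 U pcap_open'

# Usage (placeholder name and path): sh check-remote.sh /usr/local/lib/libpcap.so
if [ "$#" -gt 0 ]; then
    if nm -D --defined-only "$1" | has_remote_support; then
        echo "$1: remote capture (rpcap) enabled"
    else
        echo "$1: remote capture (rpcap) not enabled"
    fi
fi
```

The match is on the exact symbol name and on defined symbols only, so `pcap_open_live` or an undefined reference to `pcap_open` does not count as remote support.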