Ask Your Question
0

Why do I get "Can't get list of interfaces: message payload is too short" when trying to add remote interfaces?

asked 2020-02-20 16:28:40 +0000

Gabriele gravatar image

updated 2020-02-21 00:04:07 +0000

Guy Harris gravatar image

Hello, trying to add remote interfaces i get this error. I usually use wireshark, this is new installation on new pc. I tried to disable antivirus and firewall, also launch with administrator rights without success.

Can you help me?

Thanks!

Gabriele

edit retag flag offensive close merge delete

Comments

Can you paste the contents of the Help -> About Wireshark > Wireshark tab?

grahamb gravatar imagegrahamb ( 2020-02-20 16:38:03 +0000 )edit

And what version of the remote capture daemon is installed on the remote machine? This is an error reported by the libpcap remote capture client code and remote capture daemon code if the client or server receives a remote capture protocol message that's malformed by not including all the data that such a message must contain, so there's probably a bug in either the client or server code.

Guy Harris gravatar imageGuy Harris ( 2020-02-21 00:03:39 +0000 )edit

I'm trying to capture a PABX's Ethernet interface. It have "Enable RPCAP" option and works with another pc.

This is the "About" (i can't get to paste all the content...) Version 3.2.1 (v3.2.1-0-gbf38a67724d0)

Gabriele gravatar imageGabriele ( 2020-02-21 08:04:21 +0000 )edit

full screenshot: https://mega.nz/#!8U0C2Q6B!FjYfPs1JlU...

Gabriele gravatar imageGabriele ( 2020-02-21 08:21:38 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-02-21 20:09:12 +0000

Guy Harris gravatar image

OK, so that's Npcap, not WinPcap - the original remote-capture client code in WinPcap didn't do all the checks and error reporting that the current code in libpcap does (I cleaned up the remote capture code a lot when I added it to standard libpcap).

Either 1) there's a bug in libpcap 1.9.1's client code, so that it's rejecting valid rpcap packets or 2) there's a bug in the rpcap daemon in the PABX's software, and it's sending invalid rpcap packets (too short).

Please:

  • open Wireshark, and start a capture on the interface for the network between your PC and the PABX, using the capture filter "port 2002";
  • while that capture is running, open Wireshark again, so that you have two instances of Wireshark running on your PC, and, in the second instance of Wireshark, try to add remote interfaces;
  • when the attempt to add remote interfaces reports the error in the second instance of Wireshark, stop the capture in the first instance of Wireshark;
  • if the first instance (the one doing the "port 2002" capture) shows any traffic, please do File > Save to save the raw capture to a file;
  • go to the libpcap issues list and open a new issue, and attach the raw capture file to the issue.
edit flag offensive delete link more

Comments

Thanks Guy. Is the filter "tcp.port==2002" good to make the first capture as you require?

Gabriele gravatar imageGabriele ( 2020-02-24 08:24:33 +0000 )edit

It seems that will be a not quickly resolution, is there a workaroud? Can i install http://www.win10pcap.org/ and set wireshark to use it?

Gabriele gravatar imageGabriele ( 2020-02-24 10:49:43 +0000 )edit

Another comment ;-) Starting capture from cmd it works: wireshark.exe -ni rpcap://192.168.1.100/trace

Gabriele gravatar imageGabriele ( 2020-02-24 15:37:56 +0000 )edit

Yes, it's a bug in the PABX's remote capture server, as I indicated in the libpcap issue you reported; please report it to them, and include the URL of your issue in your report to them, so they can see why it's a bug.

And, yes, the command-line capture will work, because Wireshark (and dumpcap, which is what Wireshark runs to do the capturing) doesn't try to get a list of interfaces in that case.

Guy Harris gravatar imageGuy Harris ( 2020-02-24 16:04:52 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2020-02-20 16:28:40 +0000

Seen: 3,104 times

Last updated: Feb 21 '20

Related questions

Wireshark 2.4.1 GTK Crash on long run

SSH remote capture private key can't connect

Computer compromised through Steam personal/financial information stolen HELP [closed]

How do I use SSH Remote Capture in Wireshark

After upgrade to version 2.6.1 remote capture no longer works.

SSH Remote Capture Restart Error

Sniffing on Windows 10 machine from a remote Linux machine

remote interface problems

Reset cisco remote capture

With a capture filter on a remote interface, where does the filtering occur? Also, how are the packets transmitted?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2