tshark: This version of TShark was not built with support for capturing packets.

asked 2021-02-08 16:48:35 +0000

othomas gravatar image

Hello,

I've installed on a centos 7 wireshark 3.4.3 and libpcap 1.10.0 in order to achieve remote captures by using tshark, but I am facing a trouble with tshark, when I run it I get this error :

tshark: This version of TShark was not built with support for capturing packets.

Can anyone help me ?

Thanks a lot ! Olivier.

edit retag flag offensive close merge delete

Comments

Was rpm-setup.sh run before building tshark?
Is libpcap-devel installed?

Chuckc gravatar imageChuckc ( 2021-02-08 17:02:59 +0000 )edit

Just to confirm, what's the output of tshark -h? Where did that installation of tshark come from?

grahamb gravatar imagegrahamb ( 2021-02-08 17:18:02 +0000 )edit
  • Was rpm-setup.sh run before building tshark?

=> No because I compiled libpcap manually in order to have a release recent enough to allow rpcap.

  • Just to confirm, what's the output of tshark -h?

Running as user "root" and group "root". This could be dangerous. TShark (Wireshark) 3.4.3 (Git commit 6ae6cd335aa9) Dump and analyze network traffic. See https://www.wireshark.org for more information.

othomas gravatar imageothomas ( 2021-02-08 17:32:19 +0000 )edit

Sorry, my mistake, should be tshark -v.

grahamb gravatar imagegrahamb ( 2021-02-08 17:46:49 +0000 )edit

The error message comes from two places in tshark.c which are both set at compile time:

#ifndef HAVE_LIBPCAP
  if (capture_option_specified)
    cmdarg_err("This version of TShark was not built with support for capturing packets.");
#endif


Maybe getting it working with the default build (after running the setup script).

Chuckc gravatar imageChuckc ( 2021-02-08 17:51:38 +0000 )edit
see more comments