tshark: This version of TShark was not built with support for capturing packets.

asked 2021-02-08 16:48:35 +0000

Hello,

I've installed Wireshark 3.4.3 and libpcap 1.10.0 on CentOS 7 in order to do remote captures using tshark, but I am having trouble with tshark. When I run it I get this error:

tshark: This version of TShark was not built with support for capturing packets.

Can anyone help me?

Thanks a lot! Olivier.


Comments

Was rpm-setup.sh run before building tshark?
Is libpcap-devel installed?

Chuckc ( 2021-02-08 17:02:59 +0000 )

Just to confirm, what's the output of tshark -h? Where did that installation of tshark come from?

grahamb ( 2021-02-08 17:18:02 +0000 )

  • Was rpm-setup.sh run before building tshark?

=> No, because I compiled libpcap manually in order to have a release recent enough to allow rpcap.

  • Just to confirm, what's the output of tshark -h?

Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.4.3 (Git commit 6ae6cd335aa9)
Dump and analyze network traffic.
See https://www.wireshark.org for more information.

othomas ( 2021-02-08 17:32:19 +0000 )

Sorry, my mistake, should be tshark -v.

grahamb ( 2021-02-08 17:46:49 +0000 )

The error message comes from two places in tshark.c which are both set at compile time:

#ifndef HAVE_LIBPCAP
  if (capture_option_specified)
    cmdarg_err("This version of TShark was not built with support for capturing packets.");
#endif


Maybe try getting it working with the default build (after running the setup script).

Chuckc ( 2021-02-08 17:51:38 +0000 )

tshark -v

Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.4.3 (Git commit 6ae6cd335aa9)

Copyright 1998-2021 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) without libpcap, with GLib 2.56.1, with zlib 1.2.7, without
SMI, with c-ares 1.10.0, without Lua, without GnuTLS, with Gcrypt 1.5.3, with
MIT Kerberos, without MaxMind DB resolver, without nghttp2, without brotli,
without LZ4, without Zstandard, without Snappy, without libxml2.

Running on Linux 3.10.0-957.el7.x86_64, with Intel(R) Xeon(R) CPU
X5670  @ 2.93GHz (with SSE4.2), with 15871 MB of physical memory, with locale
en_US.UTF-8, with ...

othomas ( 2021-02-08 17:56:07 +0000 )

Compiled (64-bit) without libpcap

Chuckc ( 2021-02-08 18:05:05 +0000 )

Sorry, but I did not understand your last comment... Could you explain in more detail?

othomas ( 2021-02-08 18:28:54 +0000 )

tshark will need to be built with support to talk to the libpcap library that you built.
See Part 3 of the INSTALL file that is in the root of the Wireshark source directory.

Chuckc ( 2021-02-08 18:56:06 +0000 )
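
The check this thread turns on is the "Compiled ... without libpcap" entry in the `tshark -v` output. The script below is an added example, not part of the thread or of the Wireshark project: it parses that paragraph and reports whether capture support was built in. The function names are hypothetical, and the sample text is the output quoted above, abridged.

```shell
#!/bin/sh
# Constructed sample: the `tshark -v` text quoted in this thread (abridged).
sample_version_output() {
cat <<'EOF'
TShark (Wireshark) 3.4.3 (Git commit 6ae6cd335aa9)

Compiled (64-bit) without libpcap, with GLib 2.56.1, with zlib 1.2.7, without
SMI, with c-ares 1.10.0, without Lua, without GnuTLS, with Gcrypt 1.5.3, with
MIT Kerberos, without MaxMind DB resolver, without nghttp2, without brotli,
without LZ4, without Zstandard, without Snappy, without libxml2.

Running on Linux 3.10.0-957.el7.x86_64, with Intel(R) Xeon(R) CPU
EOF
}

# Read `tshark -v` text on stdin; print one build feature per line
# ("without libpcap", "with GLib 2.56.1", ...). The paragraph is re-joined
# first because it wraps mid-feature ("without" / "SMI").
compiled_features() {
    awk '/^Compiled / { grab = 1 }
         grab && /^[ \t]*$/ { exit }
         grab { printf "%s ", $0 }
         END { print "" }' |
    sed -e 's/^Compiled ([^)]*) //' -e 's/\.[ ]*$//' |
    awk '{ n = split($0, f, /, */); for (i = 1; i <= n; i++) print f[i] }'
}

# Features the binary was built without, one per line.
missing_features() {
    compiled_features | sed -n 's/^without //p'
}

# Exit status: 0 = built with libpcap, 1 = built without, 2 = undetermined.
has_capture_support() {
    feats=$(compiled_features)
    if printf '%s\n' "$feats" | grep -q '^with libpcap'; then return 0; fi
    if printf '%s\n' "$feats" | grep -q '^without libpcap'; then return 1; fi
    return 2
}

# Demo on the sample; on a real host: tshark -v 2>/dev/null | has_capture_support
if sample_version_output | has_capture_support; then
    echo "capture support: yes"
else
    echo "capture support: no or unknown (status $?)"
fi
```

A status of 1 after a source build means the build did not pick up libpcap, so the binary has to be rebuilt rather than reconfigured at run time.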