tshark: This version of TShark was not built with support for capturing packets.
Hello,
I've installed on a centos 7 wireshark 3.4.3 and libpcap 1.10.0 in order to achieve remote captures by using tshark, but I am facing a trouble with tshark, when I run it I get this error :
tshark: This version of TShark was not built with support for capturing packets.
Can anyone help me ?
Thanks a lot ! Olivier.
Was rpm-setup.sh run before building
tshark
?Is
libpcap-devel
installed?Just to confirm, what's the output of
tshark -h
? Where did that installation of tshark come from?=> No because I compiled libpcap manually in order to have a release recent enough to allow rpcap.
Running as user "root" and group "root". This could be dangerous. TShark (Wireshark) 3.4.3 (Git commit 6ae6cd335aa9) Dump and analyze network traffic. See https://www.wireshark.org for more information.
Sorry, my mistake, should be
tshark -v
.The error message comes from two places in tshark.c which are both set at compile time:
Maybe getting it working with the default build (after running the setup script).
tshark -v
(more)Compiled (64-bit) without libpcap
Sorry but I did not understand you last comment ... Could you explain more in detail?
tshark
will need to be built with support to talk to thelibpcap
library that you built.See Part 3 of the INSTALL file that is in the root of the Wireshark source directory.
After building libpcap, did you run
make install
in its source directory, as root?If you want Wireshark to be built with the libpcap you built, you must build and install libpcap before running CMake for Wireshark.