This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Using wireshark on linux - Difficulties in use


Hi, I have problems using Wireshark on Linux. I am using Wireshark version 1.8.10 on Linux, and version 2.2.6 on Windows.

I imported the same packets on Windows and Linux. While Wireshark on Windows was able to analyze all the packets, the Linux version couldn't analyze Geneve (Generic Network Virtualization Encapsulation) and GRE (Generic Routing Encapsulation) protocol packets.

What is the solution to my problem? Do I need to install an updated version on my Linux server?

Thanks, Aya

asked 08 Jun '17, 08:47

aya dagan


One Answer:


That is very likely, yes. I haven't checked, but at least Geneve is a pretty new tunneling protocol that 1.8 probably doesn't know about. I can recommend always staying up to date with the Wireshark versions.

answered 08 Jun '17, 09:01

Jasper ♦♦

Some versions of Linux come with really old versions of Wireshark, and people tend to use what the distribution vendor supplies. Windows and macOS, for example, don't provide Wireshark, so people have to get it themselves, and end up getting newer versions.

I'll bet the server is running something such as RHEL 6 or CentOS 6, which I think supply Wireshark 1.8. It would be really nice if there were some way of getting up-to-date Wireshark RPMs for RHEL/CentOS 6; does anybody know of a source of that?

(16 Jun '17, 12:40) Guy Harris ♦♦

http://rpm.pbone.net/ has slightly newer RHEL6 RPMs of Wireshark 1.10.0. I'm by no means a Red Hat packager, but I've built RHEL6 RPMs for Wireshark 2.2.7 that I could possibly post somewhere for anyone who might be interested.

TShark (Wireshark) 2.2.7 (wireshark-2.2.7)

Copyright 1998-2017 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 1, with GLib 2.26.1, with zlib 1.2.3, without SMI, without c-ares, with Lua 5.1.4, without GnuTLS, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP.

Running on Linux 2.6.32-431.el6.x86_64, with locale en_US.UTF-8, with libpcap version 1.8.1, with Gcrypt 1.4.5, with zlib 1.2.3. Intel(R) Xeon(R) CPU E5405 @ 2.00GHz

Built using gcc 4.4.7 20120313 (Red Hat 4.4.7-4).

(17 Jun '17, 07:34) cmaynard ♦♦
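The thread's diagnosis (an old build simply has no dissector for Geneve) can be confirmed directly on the server instead of guessed from the version number. The script below is an added example, not code from the thread or from the Wireshark project: it parses the first line of the `tshark -v` banner quoted above and the output of `tshark -G protocols`, which is assumed to list one protocol per line as tab-separated fields with the display-filter name in the third column, and reports which of the wanted protocols the installed build cannot dissect. The protocol listing embedded below is a constructed sample of a build that knows GRE but not Geneve; when a real `tshark` is on the PATH the same checks are run against it.

```python
"""Check whether the installed tshark can dissect a given set of protocols.

Added example (not part of the original thread). Assumptions:
  * the first line of `tshark -v` looks like
    "TShark (Wireshark) 2.2.7 (wireshark-2.2.7)";
  * `tshark -G protocols` prints one protocol per line as tab-separated
    fields, with the display-filter name (e.g. "geneve") in the third field.
"""
import re
import shutil
import subprocess

# Constructed sample of `tshark -G protocols` output for a build that knows
# GRE but has no Geneve dissector (long name, short name, filter name).
SAMPLE_PROTOCOLS = (
    "Generic Routing Encapsulation\tGRE\tgre\n"
    "Internet Protocol Version 4\tIPv4\tip\n"
    "User Datagram Protocol\tUDP\tudp\n"
)

# First line of the `tshark -v` banner quoted in the thread, used as sample input.
SAMPLE_VERSION = "TShark (Wireshark) 2.2.7 (wireshark-2.2.7)\n"

VERSION_RE = re.compile(r"\(Wireshark\)\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(banner: str) -> tuple:
    """Return (major, minor, patch) parsed from the `tshark -v` banner."""
    match = VERSION_RE.search(banner)
    if match is None:
        raise ValueError("unrecognised tshark -v banner")
    return tuple(int(part) for part in match.groups())


def known_filter_names(protocols_output: str) -> set:
    """Collect the display-filter names listed by `tshark -G protocols`."""
    names = set()
    for line in protocols_output.splitlines():
        fields = line.split("\t")
        if len(fields) >= 3:          # skip blank or malformed lines
            names.add(fields[2].strip().lower())
    return names


def missing_dissectors(protocols_output: str, wanted) -> list:
    """Return the wanted filter names that this build has no dissector for."""
    known = known_filter_names(protocols_output)
    return sorted(name for name in wanted if name.lower() not in known)


def check_installed(wanted=("geneve", "gre")):
    """Run the real tshark if it is on the PATH; None when it is not installed."""
    exe = shutil.which("tshark")
    if exe is None:
        return None
    banner = subprocess.run([exe, "-v"], capture_output=True, text=True).stdout
    protos = subprocess.run([exe, "-G", "protocols"],
                            capture_output=True, text=True).stdout
    return parse_version(banner), missing_dissectors(protos, wanted)


if __name__ == "__main__":
    # Sample data first, so the script is useful even without tshark installed.
    print("sample build:", parse_version(SAMPLE_VERSION),
          "missing:", missing_dissectors(SAMPLE_PROTOCOLS, ("geneve", "gre")))
    result = check_installed()
    if result is None:
        print("tshark not found on PATH; sample data only")
    else:
        print("installed build:", result[0], "missing:", result[1])
```

If the installed build reports Geneve as missing, upgrading (or rebuilding, as cmaynard did for RHEL 6) is the only fix; no preference or plugin setting in the old version will add a dissector it was never compiled with.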