Ethereal-users: Re: [ethereal-users] Re: An updated version of the changes to fix "type of netwo

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 24 Aug 2000 14:20:10 -0700 (PDT)
> YESSS!!!  I rebuilt Ethereal with the versions of libpcap.c and
> capture.c that were included in the original message below.  This worked
> fine.

Spiffy.  It worked for Christian as well, so I'll be checking it in
(along with configure-script stuff to check whether the machine *has*
<pcap.h>, so as not to include it if it's not there).

> I now have a better understanding of the libpcap role.  My current
> tcpdump, which works on my target machine, was built from source

Which source?  The source that came from the SuSE CD, or some other
source?

> BUT
> uses the libpcap.a that came off of my SuSE CD.  If I try to build
> libpcap from the sources on my CD, then build tcpdump from that libpcap,
> the resultant tcpdump doesn't work right.

I.e., the resulting tcpdump works differently with the libpcap binary
that came from SuSE and the libpcap library built from the source that
came from SuSE?

I'd call that a bug in SuSE 6.3, if the source that comes with it
doesn't produce the binary that comes with it.  Complain to SuSE about
that.

Does the binary tcpdump that comes with SuSE 6.3 work, or is that the
one that was dumping core?  If it doesn't work, that's another bug to
report to SuSE.

> My next question is, can I build libpcap from source using the libpcap.c
> you sent?

No.  "libpcap.c" is part of Ethereal's Wiretap library for reading
capture files; it handles reading capture files generated by libpcap.
It's not a part of libpcap itself.  (Ethereal uses Wiretap to read
capture files, as it can handle non-libpcap capture files; it uses
libpcap to capture packets, however.)

> If I can, then I think the changes you made will propagate
> into my tcpdump, and I should then be able to capture from an atm
> interface using tcpdump.  When I look in the source for my libpcap, I
> only see a libpcap.a, not libpcap.c.  How/where does that archive get
> built?

It gets built from the *other* source files; "foo.a" doesn't necessarily
get built from "foo.c" - "foo.c" turns into "foo.o", but "foo.a" could
well contain "bar.o" and "bletch.o" but not "foo.o".