jim.mewes@xxxxxxxxxxxx wrote:
> The ; in the command was intentional - to run tethereal in foreground
> while the background nslookup runs after a 2 second sleep.
What shell are you using?
$ (sleep 2;nslookup www.yahoo.com) & ; tcpdump -l -c 1 udp port 53
-bash: syntax error near unexpected token `;'
> # tcpdump -h
> Version 2.2.1
> Usage: tcpdump [-defIlnOpqtvx] [-c count] [-i interface]
> [-F filename] [-r filename] [-w filename] [expr]
> # tethereal -v
> tethereal 0.10.10
> Compiled with GLib 2.2.3, with libpcap 0.8.3, with libz 1.2.1, with libpcre 5.0,
> without UCD-SNMP or Net-SNMP, without ADNS.
> Running with libpcap version 0.8.3 on AIX 5.2.
AIX 5.2 - which, as far as I know, comes with a libpcap library - and
its tcpdump *still* doesn't use it? And it's an *ancient* version of
tcpdump? Good going, IBM....
(Hint to the AIX folks: the current version of tcpdump is 3.8.3, not 2.2.1.
Then again, the AIX folks who haven't upgraded tcpdump in ages are
probably the same folks who thought that using SNMP ifType values as the
link-layer type in the file header, and using nanosecond resolution in
time stamps, in capture files, *WITHOUT* changing the capture file magic
number, was a Brilliant Idea(TM), the fact that this means that you
can't tell an AIX capture from a normal tcpdump capture simply by
looking at the magic number, *BUT* you can't read an AIX capture with
the same code that reads normal captures, notwithstanding.)
Did you build and install libpcap 0.8.3, and link Tethereal with that?
Or is it linked with whatever version of libpcap AIX 5.2 supplies?
In either case, try downloading tcpdump 3.8.3 from tcpdump.org, and
build it with the same version of libpcap that Tethereal is built with.
If you succeed in building it, try doing with that version of tcpdump
the same thing you did with Tethereal; does that succeed?
(If you fail to build it, try doing the same with the "current tar
files" version of tcpdump; if that fails, report that to
tcpdump-workers@xxxxxxxxxxx, so they can try to fix that problem.)
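
The capture-file ambiguity described in the message above, as an added example that is not part of the original post or of libpcap/Ethereal: a classic pcap header parser showing that the magic number is identical in both kinds of file, that link type 6 reads differently as a libpcap DLT value than as an SNMP ifType, and that only the record timestamps can betray nanosecond resolution. The function names and sample captures are constructed for illustration, and the sub-second check is a one-sided heuristic assumed here, not the project's detection logic.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic, shared by both kinds of file
DLT_NAMES = {1: "DLT_EN10MB", 6: "DLT_IEEE802"}        # libpcap link-layer types
IFTYPE_NAMES = {6: "ethernetCsmacd", 9: "iso88025TokenRing"}  # SNMP ifType values

def inspect_pcap(data):
    """Parse a classic pcap file and report what the header alone cannot settle."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    for endian in ("<", ">"):
        if struct.unpack_from(endian + "I", data, 0)[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    max_subsec, records, off = 0, 0, 24
    while off + 16 <= len(data):
        _sec, subsec, incl_len, _orig = struct.unpack_from(endian + "4I", data, off)
        if off + 16 + incl_len > len(data):
            break                                   # truncated final record
        max_subsec = max(max_subsec, subsec)
        records += 1
        off += 16 + incl_len
    return {
        "linktype": linktype,
        "as_dlt": DLT_NAMES.get(linktype, "unknown"),
        "as_iftype": IFTYPE_NAMES.get(linktype, "unknown"),
        "records": records,
        # A microsecond field never reaches 1,000,000, so a larger value means
        # the file cannot be a normal capture. The reverse does not hold.
        "subsec_exceeds_usec": max_subsec >= 1_000_000,
    }

def build_sample(linktype, subsecs):
    """Constructed input: one 14-byte dummy frame per sub-second value."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for s in subsecs:
        out += struct.pack("<4I", 1100000000, s, 14, 14) + bytes(14)
    return out

if __name__ == "__main__":
    print(inspect_pcap(build_sample(1, [250_000, 999_999])))          # normal style
    print(inspect_pcap(build_sample(6, [250_000_000, 999_999_999])))  # AIX style
```

A reader that trusts the magic number would decode the second sample as Token Ring with microsecond timestamps, which is why captures from such a system need their origin recorded alongside the file.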