Wireshark-bugs: [Wireshark-bugs] [Bug 12952] [feature-request] Support for sshdump using tcpdump

Date: Tue, 27 Sep 2016 08:59:21 +0000

changed bug 12952


What Removed Added
CC   [email protected]

Comment # 4 on bug 12952 from
Typically you cannot run tcpdump as unprivileged user, so either you log in as
root (not recommended) or use something like sudo. See also
https://ask.wireshark.org/questions/55768/remote-interface-linux/55779

dumpcap does not have this issue because often file capabilities are in use.

As for your patch, it has an issue. In C you cannot compare strings by pointer
comparison. I guess it would also be preferable to compare the basename such
that /usr/sbin/tcpdump or /home/user/bin/tcpdump are also recognized.

As for why the "-P" option is required for dumpcap, the output must be a
libpcap-compatible format (e.g. the output from tcpdump). That seems to have
something to do with random file access (seeking) I guess.


You are receiving this mail because:
  • You are watching all bug changes.