Wireshark-dev: Re: [Wireshark-dev] PortableApps Wireshark feedback

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 09 Nov 2007 00:13:27 -0800
Maynard, Chris wrote:

Oh, one last thing - I read an article, linked from the
www.portableapps.com website that indicated that you could run a
PortableApps application on Linux if you have wine installed. I did not
try that ... yet. Unfortunately, I probably won't be able to try it
until next week at the earliest. Unless someone can tell me a reason why
they know it wouldn't work and that I need not bother trying it out?

I don't know for certain that it won't work.

However, Wireshark (and TShark, and tcpdump/Windump, and so on) use libpcap/WinPcap to capture traffic - and libpcap/WinPcap provide a (mostly) platform-independent interface to a very platform-dependent packet capture mechanism. WinPcap is the version that runs on Windows, and it assumes the OS's packet capture mechanism is the WinPcap mechanism, not the Linux mechanism (i.e., PF_PACKET sockets) - unless Wine exports a *native* implementation of libpcap/WinPcap with a WinPcap-compatible binary interface, Wireshark might work, but it almost certainly won't be able to capture packets.