Wireshark-users: Re: [Wireshark-users] Upgraded wireshark to 1.2.6 but now old pcapfiles cannot be

From: Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 25 Mar 2010 15:11:12 -0400

On Mar 25, 2010, at 14:55, Kok-Yong Tan wrote:

On Mar 24, 2010, at 13:31, Kok-Yong Tan wrote:

On Mar 24, 2010, at 02:19, Jose Pedro Oliveira wrote:

On 2010-03-24 05:32, Kok-Yong Tan wrote:

On Mar 24, 2010, at 01:10, Jose Pedro Oliveira wrote:

On 2010-03-24 02:45, Kok-Yong Tan wrote:

Any recommendations?  Can I build the version of libz that
this wholesale replacement of gz* functions?  Do you know which
that was?

I had exactly the same problem you described using Wireshark from
MacPorts (and I've built both versions available: 1.2.6 and 1.3.3).

While I haven't figured out what the problem was, I uninstalled
and started using the Wireshark MacOSX pre-built binaries instead.
They are available for download here:


Note: I'm currently using the 1.3.3 build.

Isn't 1.3.3 a developer build?

Yes it is (I've been using it for quite a while now without finding
any problems) but you can always install the 1.2.6 binaries.

But if you really want the latest development release
you can find it here :)

Many thanks.  But I think I'll stick with the MacPorts distribution
since it builds in a very localized fashion and installs both source,
libraries and executables in an easily removable location:  /opt.
I've discovered that getting Wireshark to build using the zlib 1.2.3
libraries isn't as horrendously difficult as I'd imagined.  I'll let
everybody know how it goes (it took me a little while to figure out
how to do it as the instructions aren't very clear but my procedure
seemed to work and I'm in mid-build right now).  And I've verified
with the maintainer of the Wireshark port that he, too, had the same
issues and that they went away as soon as he rebuilt his copy using
zlib 1.2.3 instead of zlib 1.2.4.  But I want to test the build for
myself since his rebuild was only on Snow Leopard while mine is on
Snow Leopard, Leopard and Tiger (I have multiple machines and want to
ensure Wireshark works on all those platforms).

Okay, confirmed:  The problem is with using zlib 1.2.4 with wireshark
1.2.6 on Tiger, Leopard and Snow Leopard.  If wireshark 1.2.6 on
Tiger, Leopard and Snow Leopard is rebuilt under MacPorts to use the
zlib 1.2.3 libraries, all my earlier problems with opening prior
capture files in wireshark as well as making new captures (not just
storing new captures) just vanish.

Building wireshark under MacPorts is pretty simple.  Just follow this

1.  Download and install the appropriate version of Xcode for your OS
version from Apple's developer site;

2.  Download and install the initial MacPorts 1.8.2 standard Apple
installer from <http://www.macports.org>;

3.  Type "sudo port selfupdate" if you want to be anal (I always am);

4.  Type "sudo port install wireshark"

and that's it but that gives you wireshark 1.2.6 with the zlib 1.2.4
package.  To get wireshark to use the older zlib 1.2.3 package, you
just have to follow the instructions here:
<http://trac.macports.org/wiki/howto/InstallingOlderPort> precisely.
Then deactivate, clean and install the wireshark package again but
this time do "sudo port -n install wireshark" (disregarding the man
page so it doesn't go out and re-download the latest zlib 1.2.4
package.  The reason for
installing wireshark and then re-installing it again with the -n
switch is to ensure that all other packages it depends on are the
latest and greatest before backing out the zlib package from 1.2.4 to
1.2.3 to do the reinstall.

Hope this helps someone out there in the same boat.

Oops.  Hit the "send" button too soon:

The above should read: "...(disregarding the man page where it says that the -n switch only applies to upgrading) so it doesn't go out..." instead of just "...(disregarding the man page so it doesn't go out..."

Reality Artisans, Inc.             #   Network Wrangling and Delousing
P.O. Box 565, Gracie Station       #   Apple Certified Consultant
New York, NY 10028-0019            #   Apple Consultants Network member
<http://www.realityartisans.com>   #   Apple Developer Connection member
(212) 369-4876 (Voice) # My PGP public key can be found at <https://keyserver.pgp.com>