Wireshark mailing list archives

Re: how to handle big files in wireshark


From: Guy Harris <guy () alum mit edu>
Date: Sat, 10 Jul 2010 15:32:20 -0700


On Jul 10, 2010, at 3:14 PM, Andrew Hood wrote:

Except the 64 bit versions don't decode SNMP, unless someone has come up
with a 64 bit version of libsmi and changed the build recently.

At the source code level, a 64-bit version of libsmi is "libsmi compiled with the compiler generating 64-bit code"; I 
had no problem building libsmi 64-bit on my machine:

        $ ./wireshark -v
        wireshark 1.5.0 (SVN Rev 33472 from /trunk)

        Copyright 1998-2010 Gerald Combs <gerald () wireshark org> and contributors.
        This is free software; see the source for copying conditions. There is NO
        warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

        Compiled with GTK+ 2.12.11, (64-bit) with GLib 2.16.4, with libpcap 1.0.0, with
                                     ^^^^^^
        libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8, without
                                                                 ^^^^^^^^^^^^^^
        c-ares, without ADNS, with Lua 5.1, without Python, with GnuTLS 2.6.0, with
        Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Dec
        20 2009 14:19:53), without AirPcap.

        Running on Darwin 10.4.0 (Mac OS 10.6.4), with libpcap version 1.0.0, with libz
        1.2.3, GnuTLS 2.6.0, Gcrypt 1.4.5.

        Built using gcc 4.2.1 (Apple Inc. build 5659).

I don't know why the 64-bit OS X buildbot build isn't built with libsmi.  I can't speak for the Windows build.  The 
packages available for various Linux distributions might be build with libsmi, even in the 64-bit versions.

And, of course, if you don't care about SNMP (beyond what the SNMP dissector will get you without libsmi; the dissector 
exists even without libsmi, it just doesn't interpret variable bindings beyond what you can get by looking at the BER 
encoding) - which Maverick might not - that might not be an issue.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


Current thread: