Wireshark mailing list archives
Re: Upgraded wireshark to 1.2.6 but nowold pcapfiles cannot be read
From: Kok-Yong Tan <ktan () realityartisans com>
Date: Thu, 25 Mar 2010 15:11:12 -0400
On Mar 25, 2010, at 14:55, Kok-Yong Tan wrote:
On Mar 24, 2010, at 13:31, Kok-Yong Tan wrote:On Mar 24, 2010, at 02:19, Jose Pedro Oliveira wrote:On 2010-03-24 05:32, Kok-Yong Tan wrote:On Mar 24, 2010, at 01:10, Jose Pedro Oliveira wrote:On 2010-03-24 02:45, Kok-Yong Tan wrote:Any recommendations? Can I build the version of libz that predates this wholesale replacement of gz* functions? Do you know which one that was?I had exactly the same problem you described using Wireshark from MacPorts (and I've built both versions available: 1.2.6 and 1.3.3). While I haven't figured out what the problem was, I uninstalled them and started using the Wireshark MacOSX pre-built binaries instead. They are available for download here: http://www.wireshark.org/download/osx/ Note: I'm currently using the 1.3.3 build.Isn't 1.3.3 a developer build?Yes it is (I've been using it for quite a while now without finding any problems) but you can always install the 1.2.6 binaries. But if really want the latest development release you can find it here :) http://www.wireshark.org/download/automated/osx/Many thanks. But I think I'll stick with the MacPorts distribution since it builds in a very localized fashion and installs both source, libraries and executables in an easily removeable location: /opt. I've discovered that getting Wireshark to build using the zlib 1.2.3 libraries isn't as horrendously difficult as I'd imagined. I'll let everybody know how it goes (it took me a little while to figure out how to do it as the instructions aren't very clear but my procedure seemed to work and I'm in mid-build right now). And I've verified with the maintainer of the Wireshark port that he, too, had the same issues and that they went away as soon as he rebuilt his copy using zlib 1.2.3 instead of zlib 1.2.4. But I want to test the build for myself since his rebuild was only on Snow Leopard while mine is on Snow Leopard, Leopard and Tiger (I have multiple machines and want to ensure Wireshark works on all those platforms).Okay, confirmed: The problem is with using zlib 1.2.4 with wireshark 1.2.6 on Tiger, Leopard and Snow Leopard. If wireshark 1.2.6 on Tiger, Leopard and Snow Leopard is rebuilt under MacPorts to use the zlib 1.2.3 libraries, all my earlier problems with opening prior capture files in wireshark as well as making new captures (not just storing new captures) just vanish. Building wireshark under MacPorts is pretty simple. Just follow this procedure: 1. Download and install the appropriate version of Xcode for your OS version from Apple's developer site; 2. Download and install the initial MacPorts 1.8.2 standard Apple installer from <http://www.macports.org>; 3. Type "sudo port selfupdate" if you want to be anal (I always am); 4. Type "sudo port install wireshark" and that's it but that gives you wireshark 1.2.6 with the zlib 1.2.4 package. To get wireshark to use the older zlib 1.2.3 package, you just have to follow the instructions here: <http://trac.macports.org/ wiki/howto/InstallingOlderPort> precisely. Then deactivate, clean and install the wireshark package again but this time do "sudo port - n install wireshark" (disregarding the man page so it doesn't go out and re-download the latest zlib 1.2.4 package. The reason for installing wireshark and then re-installing it again with the -n switch is to ensure that all other packages it depends on are the latest and greatest before backing out the zlib package from 1.2.4 to 1.2.3 to do the reinstall. Hope this helps someone out there in the same boat.
Oops. Hit the "send" button too soon: The above should read: "...(disregarding the man page where it says that the -n switch only applies to upgrading) so it doesn't go out..." instead of just "...(disregarding the man page so it doesn't go out..." -- Reality Artisans, Inc. # Network Wrangling and Delousing P.O. Box 565, Gracie Station # Apple Certified Consultant New York, NY 10028-0019 # Apple Consultants Network member <http://www.realityartisans.com> # Apple Developer Connection member (212) 369-4876 (Voice) # My PGP public key can be found at <https://keyserver.pgp.com> ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Upgraded wireshark to 1.2.6 but now old pcap files cannot be read, (continued)
- Re: Upgraded wireshark to 1.2.6 but now old pcap files cannot be read Guy Harris (Mar 23)
- Re: Upgraded wireshark to 1.2.6 but now old pcap files cannot be read Kok-Yong Tan (Mar 23)
- Re: Upgraded wireshark to 1.2.6 but now old pcap files cannot be read Guy Harris (Mar 23)
- Re: Upgraded wireshark to 1.2.6 but now old pcap files cannot be read Kok-Yong Tan (Mar 23)
- Re: Upgraded wireshark to 1.2.6 but now old pcap files cannot be read Guy Harris (Mar 23)
- Re: Upgraded wireshark to 1.2.6 but now old pcapfiles cannot be read Jose Pedro Oliveira (Mar 23)
- Re: Upgraded wireshark to 1.2.6 but now old pcapfiles cannot be read Kok-Yong Tan (Mar 23)
- Re: Upgraded wireshark to 1.2.6 but nowold pcapfiles cannot be read Jose Pedro Oliveira (Mar 23)
- Re: Upgraded wireshark to 1.2.6 but nowold pcapfiles cannot be read Kok-Yong Tan (Mar 24)
- Re: Upgraded wireshark to 1.2.6 but nowold pcapfiles cannot be read Kok-Yong Tan (Mar 25)
- Re: Upgraded wireshark to 1.2.6 but nowold pcapfiles cannot be read Kok-Yong Tan (Mar 25)