Closed thecityofguanyu closed 6 years ago
What OS is the rpcap client running?
Is the rpcap client also using libpcap built from the current master?
Do you have a network trace of the rpcap traffic?
Try it with the current tip of the master branch; 2972769d03dd60d4bce233a12d77a3464f0d9dc4 fixes a bug where protocol version negotiation didn't work.
That does, however, show a Wireshark bug - the error dialog should have said "The server doesn't support any protocol version that we support", but the Wireshark code doesn't properly handle getting an actual error from pcap_findalldevs_ex().
> Try it with the current tip of the master branch
This means try building rpcapd for the server from the current tip of the master branch AND, if you built Wireshark on the client with a libpcap built from the master branch, try building Wireshark on the client with a libpcap built from the current tip of the master branch - the bug was in both the client and server side.
> That does, however, show a Wireshark bug - the error dialog should have said "The server doesn't support any protocol version that we support", but the Wireshark code doesn't properly handle getting an actual error from pcap_findalldevs_ex().
Fixed in Wireshark change 24627 and in the backports to 2.4 and 2.2.
@guyharris
> What OS is the rpcap client running?
rpcap client OS is Windows 10.0.14393. Off topic, but is there a way to run an rpcap client off *nix?
> Is the rpcap client also using libpcap built from the current master?
The rpcap client is not using libpcap built from current master. Its libpcap version within Wireshark 2.2.6 appears to be libpcap 1.0 branch 1_0_rel0b (20091008).
> Do you have a network trace of the rpcap traffic?
I do not have a network trace.
> Try it with the current tip of the master branch; 2972769 fixes a bug where protocol version negotiation didn't work.
I can confirm that this appears to fix the issue! Pulled master (commit 2972769) and there was no error upon connecting the client. Capturing seems to work as expected.
Thanks for the quick response and work!
> Off topic, but is there a way to run an rpcap client off *nix?
Yes, but you have to build libpcap yourself (I'd suggest using the tip of the master branch), configuring it with --enable-remote if you're using autotools or -DENABLE_REMOTE=YES if you're using CMake, and arrange to link your program (tcpdump, Wireshark, etc.) with that version of libpcap.
> The rpcap client is not using libpcap built from current master. Its libpcap version within Wireshark 2.2.6 appears to be libpcap 1.0 branch 1_0_rel0b (20091008).
OK, that one doesn't have the bug I introduced, so replacing the rpcapd is sufficient.
> I do not have a network trace.
Not needed - it showed up with tcpdump (built on *nix - macOS - with tip-of-the-master branch libpcap) when I was doing some other rpcap testing, and it, unlike Wireshark, actually reported the real problem, so it was easier to diagnose.
Rpcapd compiled from current master, commit 800fff521b3a90300d03af880b4626ede13c57bd.
Details of system compiling/running rpcapd:
Compiling process:
And daemon started with:
The following outputs to stdout when client attempts to connect:
The rpcap client is running Wireshark v2.2.6-0-g32dac6a. That Wireshark instance displays error window noting "No remote interfaces found".