Wireshark · Ethereal-dev: Re: [ethereal-dev] ethereal on AIX-4.3.2

Ethereal-dev: Re: [ethereal-dev] ethereal on AIX-4.3.2

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Wed, 22 Dec 1999 12:36:00 -0800 (PST)

> I'm trying to get ethereal-0.7.9 to work on AIX-4.3.2, with libpcap.
> I built a recent version of libpcap (both libpcap-0.4 and
> libpcap-1999-12-09) as a shared lib, and this seems to work with
> the freeware tcpdump (both tcpdump-3.4 and tcpdump-1999-12-09).
> 
> ethereal compiles and links cleanly (once I linked glib and gtk+
> manually), and opens a display when executed. The capture interface does
> capture packets (from en0), but almost all the packets are interpreted as
> Token-Ring packets instead of Ethernet.

"libpcap" is probably using BPF rather than DLPI; to quote some mail
from Craig Rodrigues (which appears in a "README.aix" file that's not in
the 0.7.9 distribution but that will be in the 0.8.0 distribution):

	I have managed to successfully compile and use the latest
	snapshot of libpcap under AIX using DLPI.  bpf is majorly
	brain-dead under AIX, and very unsupported.  Rather than find
	all the bugs in AIX's bpf, I decided to try using dlpi, which is
	officially supported.

One of the problems is that it was returning IFT_ numbers rather than
DLT_ numbers for link types, and the IFT_ number for Ethernet (which is
an SNMP network type) has the same value as the DLT_ number for "IEEE
802" networks; "tcpdump" might be treating that as Ethernet, but we're
treating it as Token Ring.

I've attached the "README.aix" file, which includes some information on
getting Ethereal to work on AIX; I *think* the way you'd force "libpcap"
to use DLPI rather than BPF would be to run the "libpcap" configure
script with

	--with-pcap=dlpi

> In addition the File->Save menu option causes several GTK error messages
> to be displayed and a core-dump is produced. I don't think the two
> problems are realated.

I don't know the source of that, but Craig ran into a number of problems
with GTK+ on AIX; I forget whether this particular problem was one he
ran into or not (there was some particularly hideous problem that
*might* have involved compiling with "xlc_r" rather than "xlc", etc.
 - did you compile with GCC or an IBM compiler?).

Craig (rodrigc@xxxxxxxxxxxx) can probably help you out more here;
there's a pile of e-mail to the Ethereal and GTK+ mailing lists
discussing the various problems (I forget whether he also sent mail to
the "tcpdump-workers" list on the "libpcap" problems or not; he really
put in a *lot* of work bludgeoning various packages into working on AIX)
about this.

Follow-Ups:
- Re: [ethereal-dev] ethereal on AIX-4.3.2
  - From: Guy Harris

References:
- [ethereal-dev] ethereal on AIX-4.3.2
  - From: Ciaran . Deignan

Prev by Date: [ethereal-dev] ethereal on AIX-4.3.2
Next by Date: [ethereal-dev] Dynamic dissectors
Previous by thread: [ethereal-dev] ethereal on AIX-4.3.2
Next by thread: Re: [ethereal-dev] ethereal on AIX-4.3.2
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$