On Wed, Oct 30, 2002 at 03:43:58PM +0100, alain.bruneau@xxxxxxxx wrote:
> When I run capture, It generates the message :
>
> WARNING: DL_PROMISC_MULTI failed (recv_ack: promisc_multi error 0x3)
> WARNING: DL_PROMISC_SAP failed (recv_ack: promisc_sap error 0x3)
Yes, AIX sucks as an OS on which to run any capture program other than
the tcpdump that comes with it, as
1) the DLPI mechanism that AIX offers doesn't seem to work well
with libpcap's code for DLPI, for reasons we haven't figured
out;
2) IBM have not documented the BPF mechanism that their tcpdump
uses, and it's rather non-standard, so it's taken a long time
to figure out how to make libpcap use that.
Unfortunately, until
1) the next libpcap release comes out (I don't know when that
will be)
*and*
2) whoever prepares binary packages for AIX prepares one of that
release (I don't know when that will be *and* have no control
over when it will happen, if it ever happens - the current
libpcap release is 0.7.1, but it looks as if the latest
binary package, from wherever you got the package, is 0.6.1)
the only way to get Ethereal working is to download the GLib, GTK+,
current CVS libpcap, and Ethereal source, build the libraries in
question, install them, and then build Ethereal.
(The current CVS libpcap *should* work on AIX, but maybe there's another
rude AIX surprise waiting for us; we've fixed the last nasty problem we
know about. Earlier versions won't work well.
Furthermore:
1) when you run the configure script for libpcap, pass it the
flag "--with-pcap=bpf", to force it to use BPF rather than
DLPI;
2) the first time you run Ethereal - or any other program built
with that version of libpcap - after the machine boots, you
might have to run tcpdump, capturing from some network
interface, briefly, in order to force the BPF driver to be
loaded and its "/dev" files to be created.
Yes, this is a pain, but that's life with AIX, it appears.)
