Wireshark-dev: Re: [Wireshark-dev] Windows dumpcap -i TCP@<IP>
From: Anders Broman <anders.broman@xxxxxxxxxxxx>
Date: Tue, 18 Sep 2018 07:27:10 +0000

What version of Wireshark and what Linux version on the remote side? I think some work has been done on rpcap recently so trying out the development version is an option. https://www.wireshark.org/download/automated/win64/

Regards

Anders

 

From: Wireshark-dev <wireshark-dev-bounces@xxxxxxxxxxxxx> On Behalf Of James Ko
Sent: 18 September 2018 02:22
To: wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Windows dumpcap -i TCP@<IP>

 

Hi,

I am trying to connect to a remote PCAPNG stream from Windows using the TCP@ socket interface but the connection closes immediately after connecting. The same dumpcap command on Linux works just fine to the remote TCP socket.

No errors indicating any failure are printed from dumpcap.exe:

C:\>"\Program Files\Wireshark\dumpcap.exe" -i TCP@192.168.1.100 -w -
Capturing on 'TCP@192.168.1.100'
dumcap:

C:\>

On the remote end running in Linux I see a connect and disconnect with an EPOLLHUP event.

Has anyone else tried or have remote TCP socket connections working with dumpcap in Windows?

 

James