Wireshark-users: Re: [Wireshark-users] Upgraded wireshark to 1.2.6 but now old pcap files cannot be
From: Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 25 Mar 2010 14:55:21 -0400
On Mar 24, 2010, at 13:31, Kok-Yong Tan wrote:

On Mar 24, 2010, at 02:19, Jose Pedro Oliveira wrote:

On 2010-03-24 05:32, Kok-Yong Tan wrote:

On Mar 24, 2010, at 01:10, Jose Pedro Oliveira wrote:

On 2010-03-24 02:45, Kok-Yong Tan wrote:

Any recommendations? Can I build the version of libz that predates this wholesale replacement of gz* functions? Do you know which one
that was?

I had exactly the same problem you described using Wireshark from
MacPorts (and I've built both versions available: 1.2.6 and 1.3.3).

While I haven't figured out what the problem was, I uninstalled them
and started using the Wireshark MacOSX pre-built binaries instead.
They are available for download here:

   http://www.wireshark.org/download/osx/

Note: I'm currently using the 1.3.3 build.


Isn't 1.3.3 a developer build?

Yes it is (I've been using it for quite a while now without finding
any problems) but you can always install the 1.2.6 binaries.

But if you really want the latest development release
you can find it here :)
http://www.wireshark.org/download/automated/osx/


Many thanks.  But I think I'll stick with the MacPorts distribution
since it builds in a very localized fashion and installs both source,
libraries and executables in an easily removable location:  /opt.
I've discovered that getting Wireshark to build using the zlib 1.2.3
libraries isn't as horrendously difficult as I'd imagined.  I'll let
everybody know how it goes (it took me a little while to figure out
how to do it as the instructions aren't very clear but my procedure
seemed to work and I'm in mid-build right now).  And I've verified
with the maintainer of the Wireshark port that he, too, had the same
issues and that they went away as soon as he rebuilt his copy using
zlib 1.2.3 instead of zlib 1.2.4.  But I want to test the build for
myself since his rebuild was only on Snow Leopard while mine is on
Snow Leopard, Leopard and Tiger (I have multiple machines and want to
ensure Wireshark works on all those platforms).


Okay, confirmed: The problem is with using zlib 1.2.4 with wireshark 1.2.6 on Tiger, Leopard and Snow Leopard. If wireshark 1.2.6 on Tiger, Leopard and Snow Leopard is rebuilt under MacPorts to use the zlib 1.2.3 libraries, all my earlier problems with opening prior capture files in wireshark as well as making new captures (not just storing new captures) just vanish.

Building wireshark under MacPorts is pretty simple. Just follow this procedure:

1. Download and install the appropriate version of Xcode for your OS version from Apple's developer site;

2. Download and install the initial MacPorts 1.8.2 standard Apple installer from <http://www.macports.org>;

3.  Type "sudo port selfupdate" if you want to be anal (I always am);

4.  Type "sudo port install wireshark"

and that's it but that gives you wireshark 1.2.6 with the zlib 1.2.4 package. To get wireshark to use the older zlib 1.2.3 package, you just have to follow the instructions here: <http://trac.macports.org/wiki/howto/InstallingOlderPort> precisely. Then deactivate, clean and install the wireshark package again but this time do "sudo port -n install wireshark" (disregarding the man page so it doesn't go out and re-download the latest zlib 1.2.4 package). The reason for installing wireshark and then re-installing it again with the -n switch is to ensure that all other packages it depends on are the latest and greatest before backing out the zlib package from 1.2.4 to 1.2.3 to do the reinstall.

Hope this helps someone out there in the same boat.
--
Reality Artisans, Inc.             #   Network Wrangling and Delousing
P.O. Box 565, Gracie Station       #   Apple Certified Consultant
New York, NY 10028-0019            #   Apple Consultants Network member
<http://www.realityartisans.com>   #   Apple Developer Connection member
(212) 369-4876 (Voice) # My PGP public key can be found at <https://keyserver.pgp.com>