On 8/24/07, Guy Harris <[EMAIL PROTECTED]> wrote: > > Audet, Jean-Michel wrote: > > > My problem is when I am starting the capture. My function close is > > called then the find device loop starts, all the device (including > > Ethernet, lo, ...) are re-open than close and is stuck in a loop. Than > > I got a message from Wireshark that the process just died. > > What was the exact message? > > It could be that the process crashed, perhaps in your code.
I found a similar symptom when I was debugging my code... 1/ Wireshark actually appears to be a two part application with lt-wireshark and lt-dumpcap. 2/ For historical reasons, I had a capture filter defined that automatically was included whenever I started Wireshark. 3/ My version allows me to trace WAN protocols too. 4/ Whenever I tried to monitor a WAN port with an IP (like) capture filter, lt-dumpcap would die. 5/ Wireshark would display a popup "Child capture process dies: Abort". And I'd see the 'finddevice' loop going. I haven't bother to figure out right now why the BPF compiler doesn't like the filter when monitoring WANs, so I just ensure that I only have an appropriate filter when monitoring WAN ports. For example: "NOT IP HOST 10.23.0.206" is OK when monitoring Ethernets, but not WANs. "ether[1] == 0x47" is OK when monitoring either Ethernets _or_ WANs. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
