LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-13-2015, 02:48 PM   #1
tiger762
LQ Newbie
 
Registered: Apr 2006
Posts: 11

Rep: Reputation: 0
Problem running Wireshark-1.8.10 on RHEL6


So I've been given this RedHat box to make into a usable platform to do network troubleshooting:

Code:
[root@ccnstorage ~]# uname -a
Linux ccnstorage 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
I installed the latest wireshark and wireshark-gnome. All went well:

Code:
[root@ccnstorage ~]# rpm -qa | grep wireshark
wireshark-gnome-1.8.10-17.el6.x86_64
wireshark-1.8.10-17.el6.x86_64
After I use "ssh -X" to log in remotely with X forwarding, I run wireshark. Starts up fine. I set a reasonable capture filter. This is where it got weird. Saw an error I've never seen before: "dumpcap: symbol lookup error: dumpcap: undefined symbol: pcap_set_tstamp_precision"

So It's starting dumpcap to do the actual capture. Trying dumpcap from the command line:

Code:
[root@ccnstorage ~]# dumpcap -i lo
Capturing on lo
dumpcap: symbol lookup error: dumpcap: undefined symbol: pcap_set_tstamp_precision
Hmm, alright. Let's look at it under "strace -f dumpcap -i lo"

Code:
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0
access("/usr/share/dracut/modules.d/01fips", F_OK) = -1 ENOENT (No such file or directory)
brk(0)                                  = 0x7f81b74ab000
brk(0x7f81b74cc000)                     = 0x7f81b74cc000
sched_getparam(20565, { 0 })            = 0
sched_getscheduler(20565)               = 0 (SCHED_OTHER)
clock_getres(CLOCK_MONOTONIC, {0, 1})   = 0
sched_get_priority_min(SCHED_OTHER)     = 0
sched_get_priority_max(SCHED_OTHER)     = 0
sched_get_priority_max(SCHED_OTHER)     = 0
open("/usr/lib64/charset.alias", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2512, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81b5b40000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2512
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x7f81b5b40000, 4096)            = 0
rt_sigaction(SIGTERM, {0x7f81b5b4c4c0, [], SA_RESTORER, 0x7f81b4ba8710}, NULL, 8) = 0
rt_sigaction(SIGINT, {0x7f81b5b4c4c0, [], SA_RESTORER, 0x7f81b4ba8710}, NULL, 8) = 0
rt_sigaction(SIGPIPE, {0x7f81b5b4c4c0, [], SA_RESTORER, 0x7f81b4ba8710}, NULL, 8) = 0
rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x7f81b5b4c4c0, [], SA_RESTORER, 0x7f81b4ba8710}, NULL, 8) = 0
getuid()                                = 0
geteuid()                               = 0
getgid()                                = 0
getegid()                               = 0
getuid()                                = 0
getgid()                                = 0
write(2, "Capturing on lo\n", 16Capturing on lo
)       = 16
writev(2, [{"dumpcap", 7}, {": ", 2}, {"symbol lookup error", 19}, {": ", 2}, {"dumpcap", 7}, {": ", 2}, {"undefined symbol: pcap_set_tstam"..., 43}, {"", 0}, {"", 0}, {"\n", 1}], 10dumpcap: symbol lookup error: dumpcap: undefined symbol: pcap_set_tstamp_precision
) = 83
exit_group(127)                         = ?
So "/usr/share/dracut/modules.d/01fips" is missing as well as "/usr/lib64/charset.alias". Nothing is jumping out at me as the obvious root cause.

Any help appreciated!
 
Old 08-15-2015, 02:11 PM   #2
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,647

Rep: Reputation: 2655Reputation: 2655Reputation: 2655Reputation: 2655Reputation: 2655Reputation: 2655Reputation: 2655Reputation: 2655Reputation: 2655Reputation: 2655Reputation: 2655
can you post some information
Code:
cat /etc/redhat-release
the kernel you are using is OLD it is fro the older 6.6
and not the CURRENT 6.7

also please post any errors and warnings from this
Code:
su -
yum update


Quote:
I installed the latest wireshark and wireshark-gnome. All went well
How ?
" wireshark-1.10.0-1.el6.rft.x86_64.rpm "
is the current in the RPMForge repo for RHEL6 ( 6.7 )
 
Old 08-15-2015, 05:25 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,182

Rep: Reputation: 3646Reputation: 3646Reputation: 3646Reputation: 3646Reputation: 3646Reputation: 3646Reputation: 3646Reputation: 3646Reputation: 3646Reputation: 3646Reputation: 3646
I was wondering if the 1.10 would be best too.

http://pkgs.repoforge.org/wireshark/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Machine hanged running RHEL6.2 uncertainly boby.kumar Red Hat 2 12-23-2013 06:46 AM
RHEL6.3 NFS running but rpc.svcgssd is stopped why? how solve? zhenqingzuo63164 Red Hat 8 01-13-2013 05:24 PM
[SOLVED] Mp3 songs are not running in rhel6.1 saharavin@gmail.com Linux - Software 3 11-19-2012 07:01 AM
Getting an error before running wireshark on a linux server ravori Linux - Server 1 01-25-2011 09:52 AM
Wireshark not running on CentOS? deostroll Linux - Software 14 08-18-2009 11:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 05:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration