Comments (20)
May have spoken too soon. I changed "-DPacket_ROOT=..." to "-DPCAP_ROOT=..." and seems to be getting further. Perhaps just your instructions need updated.
from tcpdump.
OK, seems that the cmake command I shared
cmake "-DPacket_ROOT=E:\npcap_sdk" -G "Visual Studio 17 2022" E:\tcpdump-4.99.4
And a follow-up msbuild command as per the docs of
msbuild /m /nologo /p:Configuration=Release tcpdump.sln
Works with a few warnings output:
E:\tcpdump-4.99.4\addrtoname.c(156,10): warning C4996: 'gethostbyaddr': Use getnameinfo() or GetNameInfoW() instead or define _WINSOCK_DEPRECATED_NO_WARNINGS to disable deprecated API warnings [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump-4.99.4\print-arista.c(146,36): warning C4244: 'function': conversion from 'uint64_t' to 'uint32_t', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump-4.99.4\print-resp.c(327,5): warning C4244: '-=': conversion from '__int64' to 'int', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump-4.99.4\print-resp.c(374,5): warning C4244: '-=': conversion from '__int64' to 'u_int', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump-4.99.4\print-snmp.c(759,12): warning C4267: '-=': conversion from 'size_t' to 'uint32_t', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump-4.99.4\print-snmp.c(1833,19): warning C4244: '=': conversion from '__int64' to 'u_int', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump-4.99.4\print-zeromq.c(121,76): warning C4244: 'function': conversion from 'uint64_t' to 'u_int', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
But runs on the server it was built on - Server 2016 I believe - but not on WinPE x64, which can only run x64 executables.
I think I built a 32-bit instead of a 64-bit.
I tried -G "Visual Studio 17 2022 Win64" at first, but it doesn't work with that generator. My assumption is VS 2022 is 64-bit only. I suppose I can try to get VS 15 2019 on here and use "Visual Studio 15 2019 Win64"?
from tcpdump.
I discovered that while -G "Visual Studio 17 2022 Win64" doesn't work, -G "Visual Studio 17 2022" -A x64 does.
However I get all the same converting 64-bit thing to 32-bit thing warnings, and tcpdump.exe does not run on x64 WinPE.
Not sure what to try next. Thanks for any help.
from tcpdump.
At least some of the warnings have been addressed in the master branch and the fixes will be available in libpcap 1.11.0 when it comes out, so it is fine to disregard them for now. Please see this document and update whether it helped.
from tcpdump.
I'm only using the downloaded tcpdump tarball, not libpcap, since that's not in the instructions and instead using npcap SDK?
That said the created tcpdump.exe from msbuild at Release\tcpdump.exe does not run on x64 WinPE. I'm not sure if the generated exe is 64-bit tcpdump or not. x64 WinPE does not run 32-bit executables at all, not sure if that is my issue.
The generated tcpdump.exe does seem to work on the build machine I'm using, which can run 32-bit and 64-bit programs.
from tcpdump.
I have tried to add /p:Platform=x64 to the msbuild command, but that did not help.
from tcpdump.
My Windows expertise extends only as far as remembering where the README is.
from tcpdump.
@infrastation Gotcha. Thanks for trying. Mine is not great either, but legacy environment on WinPE x64 until I replace it with Linux. Was glad to see those instructions existed, but sadly not working.
from tcpdump.
I updated the issue title / description to more closely match what's now being discussed.
from tcpdump.
I updated the issue title / description to more closely match what's now being discussed.
There's more than one issue:
- Packet_ROOT vs. PCAP_ROOT, which is probably a copy-and-pasteo from libpcap's README.Win32.md;
- Win64 vs. -A x64.
Both need to be fixed (in both the main and 1.10 branches).
from tcpdump.
This should be fixed, in the main branch, in 2e689a6. Check whether the instructions at https://github.com/the-tcpdump-group/tcpdump/blob/master/doc/README.Win32.md are now correct.
from tcpdump.
Also backported to the 1.10 branch in 8ee8453.
from tcpdump.
@guyharris thanks for taking a look. The documentation looks better now but unless I just can't use Visual Studio 2022, using those new options as I did still won't produce a working 64-bit exe I don't think, since it doesn't run on WinPE 64-bit. Unless you also changed some code since the current release tarball that makes it work. I can just pull main and use that instead of the release tarball and report back. Can we reopen the issue?
from tcpdump.
Okay, ran the commands on Server 2016 build server, using the latest commit on master (b820ca).
Instead of 7 warnings, there are 11. The original 7 still there, plus more. Additionally, after msbuild, copying Release\tcpdump.exe to a WinPE x64 host and tcpdump.exe does not run.
I can try Visual Studio 2019? Visual Studio 2017 and earlier are no longer available from Microsoft.
The warnings list using this method:
"E:\tcpdump_build\tcpdump.sln" (default target) (1) ->
"E:\tcpdump_build\netdissect.vcxproj.metaproj" (default target) (2) ->
"E:\tcpdump_build\netdissect.vcxproj" (default target) (5) ->
(ClCompile target) ->
E:\tcpdump_git\addrtoname.c(153,10): warning C4996: 'gethostbyaddr': Use getnameinfo() or GetNameInfoW() instead or define _WINSOCK_DEPRECATED_NO_WARNINGS to disable deprecated API warnings [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump_git\print-bootp.c(1009,18): warning C4244: '=': conversion from 'uint16_t' to 'uint8_t', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump_git\print-resp.c(328,5): warning C4244: '-=': conversion from '__int64' to 'int', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump_git\print-resp.c(375,5): warning C4244: '-=': conversion from '__int64' to 'u_int', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump_git\print-snmp.c(741,12): warning C4267: '-=': conversion from 'size_t' to 'uint32_t', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump_git\print-snmp.c(1809,19): warning C4244: '=': conversion from '__int64' to 'u_int', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump_git\print-tcp.c(638,69): warning C4244: 'function': conversion from 'uint16_t' to 'u_char', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump_git\print-zeromq.c(123,76): warning C4244: 'function': conversion from 'uint64_t' to 'u_int', possible loss of data [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump_git\util-print.c(253,18): warning C4133: 'function': incompatible types - from 'const long *' to 'const time_t *const ' [E:\tcpdump_build\netdissect.vcxproj]
E:\tcpdump_git\util-print.c(255,15): warning C4133: 'function': incompatible types - from 'const long *' to 'const time_t *const ' [E:\tcpdump_build\netdissect.vcxproj]
"E:\tcpdump_build\tcpdump.sln" (default target) (1) ->
"E:\tcpdump_build\tcpdump.vcxproj.metaproj" (default target) (3) ->
"E:\tcpdump_build\tcpdump.vcxproj" (default target) (6) ->
E:\tcpdump_git\tcpdump.c(1572,2): warning C4013: 'tzset' undefined; assuming extern returning int [E:\tcpdump_build\tcpdump.vcxproj]
from tcpdump.
Additionally, after msbuild, copying Release\tcpdump.exe to a WinPE x64 host and tcpdump.exe does not run.
What if you try to run it on an Ordinary Boring Non-Windows-Preinstallation-Environment-Just-Regular-Windows x64 host?
from tcpdump.
Oh, and the WinPE machine does have Npcap installed, right?
from tcpdump.
@guyharris it runs on the build server, which is just such a host. Those hosts can run 32-bit programs. WinPE x64 can only run 64-bit programs. WinPE doesn't have npcap installed because I can't install programs on the WinPE image, I have to have "portable" executables. I thought with using the SDK in building the executable, clients would only need the executable, not also need npcap installed. Am I wrong in that assumption?
from tcpdump.
Those hosts can run 32-bit programs.
Do you have evidence to indicate that tcpdump.exe is a 32-bit program? (No, "it won't run on the WinPE machine" isn't sufficient evidence; read on.)
WinPE doesn't have npcap installed because I can't install programs on the WinPE image, I have to have "portable" executables.
That's probably why it won't run.
I thought with using the SDK in building the executable, clients would only need the executable, not also need npcap installed. Am I wrong in that assumption?
Definitely wrong.
Npcap consists of three components:
- A kernel-mode driver (NDIS filter driver) that implements the packet capturing.
- A DLL that provides APIs that perform I/O operations on the devices provided by the NDIS filter driver.
- A version of libpcap, built from libpcap source, that calls that DLL to perform capture operations.
If you can statically link with the latter two components (i.e., if there were real .libs, rather than import library .libs, with which you could link), then you would have an executable that would, at least, not give "sorry, can't find that DLL" errors if you try to run it on a system without the DLLs.
Of course, the static version of library 2 would fail in any attempt to open the devices, so the resulting tcpdump would give errors if you tried to capture any traffic; it'd be able to read pcap and pcapng files as well as any other version of tcpdump, but that's it.
So if your intent is to capture traffic, you're going to need either Npcap on the machine or a version of libpcap for Windows that uses a mechanism that's built into Windows and that's part of WinPE. I don't think anybody's written the latter.
from tcpdump.
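The two questions raised in the reply above (is the binary really 32-bit, and which DLLs must be present on the target) can both be answered from the PE headers of the built file. The following is an added example, not part of the original thread or of the tcpdump project: it reads the COFF machine field and the import table, and runs on a constructed minimal image whose DLL names are illustrative rather than taken from a real tcpdump.exe.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}

def pe_summary(data: bytes) -> dict:
    """Return the target architecture and imported DLL names of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsec = struct.unpack_from("<HH", data, pe + 4)
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24                                          # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)         # 0x10B PE32, 0x20B PE32+
    dirs = opt + (112 if magic == 0x20B else 96)           # data directory array
    (imp_rva,) = struct.unpack_from("<I", data, dirs + 8)  # entry 1: import table
    sects = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
             for i in range(nsec)]                         # vsize, vaddr, rawsize, rawptr

    def offset(rva):
        for vsize, vaddr, rawsize, rawptr in sects:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rva - vaddr + rawptr
        raise ValueError(f"RVA {rva:#x} is outside every section")

    dlls = []
    pos = offset(imp_rva) if imp_rva else None
    while pos is not None:
        (name_rva,) = struct.unpack_from("<I", data, pos + 12)
        if name_rva == 0:                                  # zeroed descriptor ends the list
            break
        start = offset(name_rva)
        dlls.append(data[start:data.index(b"\0", start)].decode("ascii"))
        pos += 20                                          # sizeof(IMAGE_IMPORT_DESCRIPTOR)
    return {"machine": MACHINES.get(machine, hex(machine)), "imports": dlls}

def build_sample() -> bytes:
    """Constructed minimal PE32+ image for the demo, not a real tcpdump.exe."""
    names = b"wpcap.dll\0KERNEL32.dll\0"
    desc = b"".join(struct.pack("<5I", 0, 0, 0, rva, 0) for rva in (0x1000 + 60, 0x1000 + 70)) + bytes(20)
    body = desc + names                                    # names start 60 bytes into the section
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<II", opt, 112 + 8, 0x1000, len(desc))
    sect = b".idata\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), 0x200) + bytes(16)
    return (dos + coff + bytes(opt) + sect).ljust(0x200, b"\0") + body
```

To inspect a real build, pass the file's bytes, e.g. `pe_summary(open(r"Release\tcpdump.exe", "rb").read())`; any DLL in `imports` that the target host cannot supply stops the loader before the program starts, whatever the architecture.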
@guyharris I think you are right, copying the executable to other 64-bit systems without npcap doesn't work either. Sadly I don't think I can get npcap to install inside a WinPE image that's only booted temporarily in a PXE environment. I think I'd have to purchase OEM licensing to even be able to run their installer silently. :/ Thanks for the help though.
from tcpdump.
Closing issue
from tcpdump.