Wireshark mailing list archives
Re: wireshark GUI vs tshark
From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Mon, 23 Nov 2009 14:03:20 -0500
Chris and Jaap Well.... I guess I can point out the obvious here: I wrote a dissector that works fine with the GUI with no problem...but it crashes when I use tshark. HOWEVER... if I remove my dissector....then my pcap file loads fine within tshark. So the problem has to be with my dissector....correct..?? Is there anyway I can post my code so you can take a look..?? This is hard to track down as again everything works fine in the GUI and I get NO real error message within tshark. What do you think..? Thanks, Brian Maynard, Chris wrote:
The file may not be corrupt but might contain packet(s) which are exposing a tshark bug. If you can post the capture file, that would probably help. If you don't wish to post it on the mailing list, you can open a bug report and post it there instead, marking the file as private if you so desire so only the core developers have access to it. - Chris -----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Brian Oleksa Sent: Monday, November 23, 2009 12:59 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] wireshark GUI vs tshark Jaap and Chris I am running this on Win XP service pack 2. I am using wireshark Version 1.2.4 (SVN Rev 30978). The test.pcap file has been around for a while...so chances are it is not corrupt. It never crashes using the GUI...it just crashes and gives me that pop up when I run it with that tshark command. This is about all the information that I can provide....unless you can think of something else that you need..?? Thanks, Brian Jaap Keuter wrote:Hi Brian, Thanks for including the error report. It in itself doesn't tellanything,other than that a problem was detected. That's why Chris asked yousomemore questions on the whole situation. Maybe we can help you furtherwhenyou look into them. Thanks, Jaap On Mon, 23 Nov 2009 12:02:17 -0500, Brian Oleksa <oleksab () darkcornersoftware com> wrote:Chris I have attached the error this time....sorry about that. :-) I get this error when I run with tshark using the following command: tshark -nr test.pcap ip.dst==x.x.x.x But when I filter in the GUI ... I have no problems. Thanks, Brian Maynard, Chris wrote:Any thoughts..??My first thought was, "I guess you forgot to include the error." :) In addition to the error, you might want to include some Wireshark version information, what OS you're running on and any otherinformationthat you think might be relevant. By the way, I tried a similar tshark command using Wireshark 1.2.4onWindows XP SP3 with no problems. Maybe you are running an olderversionof Wireshark with a known bug that has been fixed, or maybe your test.pcap file is corrupt or exposes a Wireshark bug, in which caseabug report might be in order with the attached test.pcap fileincludedso the core developers can analyze the error and find & fix the bug. - Chris -----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of BrianOleksaSent: Sunday, November 22, 2009 10:49 PM To: Developer support list for Wireshark Subject: [Wireshark-dev] wireshark GUI vs tshark Wiresharkers When I use my dissector with the GUI... everything works fine. Thepcapfile that I load comes right up with NO problems. I can filter (ip.dst==x.x.x.x) with no problems. But if I try to open that same pcap file with tshark using thefollowingcommand: tshark -nr test.pcap ip.dst==x.x.x.x The files appears to start loading.. then I get the following error. Any thoughts..?? Thanks, Brian CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receivethisemail in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email.________________________________________________________________________ ___Sent via: Wireshark-dev mailing list<wireshark-dev () wireshark org>Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-devmailto:wireshark-dev-request () wireshark org?subject=unsubscribe________________________________________________________________________ ___Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-devmailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- wireshark GUI vs tshark Brian Oleksa (Nov 22)
- Re: wireshark GUI vs tshark Maynard, Chris (Nov 22)
- Re: wireshark GUI vs tshark Brian Oleksa (Nov 23)
- Re: wireshark GUI vs tshark Jaap Keuter (Nov 23)
- Re: wireshark GUI vs tshark Brian Oleksa (Nov 23)
- Re: wireshark GUI vs tshark Maynard, Chris (Nov 23)
- Re: wireshark GUI vs tshark Brian Oleksa (Nov 23)
- Re: wireshark GUI vs tshark Jaap Keuter (Nov 23)
- Re: wireshark GUI vs tshark Brian Oleksa (Nov 23)
- Re: wireshark GUI vs tshark Jaap Keuter (Nov 23)
- Re: wireshark GUI vs tshark Brian Oleksa (Nov 24)
- Re: wireshark GUI vs tshark Maynard, Chris (Nov 24)
- Re: wireshark GUI vs tshark Jaap Keuter (Nov 24)
- Re: wireshark GUI vs tshark Brian Oleksa (Nov 23)
- Re: wireshark GUI vs tshark Maynard, Chris (Nov 22)
- Save while capturing BARILLY YANN (Nov 24)