Wireshark mailing list archives

Re: Debugging Wireshark dissector plugins


From: <Tim.Poth () bentley com>
Date: Tue, 12 Jan 2010 14:23:48 -0500

Don't use the protocol and then you wouldn't have to dissect it :-)

Windows or Linux?
When you build your dissector make sure you build with symbols (different than a debug build) and get yourself some 
debugging tools. For Windows: http://www.microsoft.com/whdc/Devtools/Debugging/default.mspx. You want to get 32-bit for a 
32-bit Wireshark or 64-bit for a 64-bit Wireshark. Don't get the IA64 unless you are on Itanium hardware.
Under Windows:
- You can use <debugging tools install>\adplus.vbs to create -hang dumps (snapshots of memory) to see what's going on. 
  Sounds like a busy hang (CPU at 50%) so you will need to take 3 or more snapshots and see how it moved from dump to dump.
- You can attach with the debugger to Wireshark (<debugging tools install>\windbg -pn Wireshark.exe) and with your 
  symbols and source code you can step through the code and see what's going on.

Under Linux I have no idea; if you are under Linux let me know and I'll see if I can get you some info.

Hope that helps


From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of sean bzd
Sent: Tuesday, January 12, 2010 1:53 PM
To: Community support list for Wireshark
Subject: [Wireshark-users] Debugging Wireshark dissector plugins

I asked a similar question before but got no response. Can someone please provide some direction?

Problem:
I have a custom dissector and it works fine most of the time; but sometimes, when I load the network capture containing 
packets (that the dissector is supposed to understand), the Wireshark application just hangs. The CPU consumption goes 
to 50% and stays there... it is as if it is in a tight loop. I'm using version 1.2.2 but the same happens with different 
versions of Wireshark; I know that the problem is in the dissector because if I remove the dissector plugin, Wireshark 
is able to load the capture file. But I need some direction on how to proceed forward. Can I put some printfs in the 
dissector or elsewhere? Any other ideas?

Thanks,
Sean
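
The hang-dump procedure from the reply above, as an added example that is not part of the original thread: a PowerShell script that takes three `adplus.vbs -hang` snapshots of a running Wireshark, spaced apart so the dumps can be compared. The install path, output directory and interval are placeholder assumptions; `-hang`, `-pn`, `-o` and `-quiet` are ADPlus options.

```powershell
# Added example: collect several hang dumps of a busy-looping Wireshark.
# Assumptions (not from the thread): the two paths and the interval below.
param(
    [string]$DebugTools = 'C:\Program Files\Debugging Tools for Windows (x86)',  # placeholder install path
    [string]$OutDir     = 'C:\dumps\wireshark-hang',                             # placeholder output directory
    [int]$Snapshots     = 3,     # the reply suggests 3 or more
    [int]$IntervalSec   = 10     # assumed spacing between snapshots
)

$adplus = Join-Path $DebugTools 'adplus.vbs'
if (-not (Test-Path -LiteralPath $adplus)) {
    throw "adplus.vbs not found under '$DebugTools'"
}

# A dump only helps if the process is still running and still spinning.
$proc = Get-Process -Name 'Wireshark' -ErrorAction SilentlyContinue
if (-not $proc) { throw 'Wireshark.exe is not running; reproduce the hang first.' }
if (@($proc).Count -gt 1) { throw 'More than one Wireshark.exe is running; close the others.' }

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

for ($i = 1; $i -le $Snapshots; $i++) {
    # Measure CPU time burned during the wait to confirm the hang is a busy one.
    $before = $proc.TotalProcessorTime
    Start-Sleep -Seconds $IntervalSec
    $proc.Refresh()
    $cpuSec = ($proc.TotalProcessorTime - $before).TotalSeconds
    Write-Host ("Snapshot {0}: {1:N1}s CPU used in the last {2}s" -f $i, $cpuSec, $IntervalSec)

    # -hang snapshots memory and lets the process continue;
    # -pn selects the target by name, -o sets the dump directory.
    & cscript.exe //nologo $adplus -hang -pn Wireshark.exe -o $OutDir -quiet
    if ($LASTEXITCODE -ne 0) { throw "cscript/adplus exited with code $LASTEXITCODE" }
}

Write-Host "Dumps written under $OutDir. Compare the busy thread's stack across them."
```

With the plugin's symbols available to the debugger, the frames that stay inside the dissector from one dump to the next point at the loop that is not terminating.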
