Wireshark mailing list archives
Re: in >wireshark-2.0.2, tshark follow ssl stream segfaults
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Tue, 12 Jul 2016 18:37:42 -0400
On Tue, Jul 12, 2016 at 2:11 PM, Miroslav Rovis < miro.rovis () croatiafidelis hr> wrote:
And now the problem. I figured out something was wrong because my (primitive) program: https://github.com/miroR/tshark-streams.git wouldn't get SSL streams neither as ascii (text) nor as binary (raw) (see the script pls.). Samples for checking with the above versions are only two files from. I used these because the trace is short enough, and all is already posted: http://www.croatiafidelis.hr/foss/cap/cap-160606-dns-hr/ dump_160606_1328_g0n.pcap and dump_160606_1xxx_SSLKEYLOGFILE.txt Now, running this command with greater version than 2.0.2 of Wireshark (such as 2.1.0): tshark -o "ssl.keylog_file: dump_160606_1xxx_SSLKEYLOGFILE.txt" -r \ "dump_160606_1328_g0n.pcap" -T fields -e data -qz follow,ssl,raw,0 \ | grep -E '[[:print:]]' > dump_160606_1328_g0n_s000-ssl.raw gets me these in the syslog:
[...]
Jul 12 18:01:53 g0n kernel: [158754.612649] traps: tshark[11975] general protection ip:23c0292717 sp:3cdf3aec7f0 error:0 in tshark[23c026e000+43000] Jul 12 18:01:53 g0n kernel: [158754.612673] grsec: (miro:U:/) Segmentation fault occurred at (nil) in /usr/bin/tshark[tshark:11975] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:29776] uid/euid:1000/1000 gid/egid:1000/1000
tshark is crashing due to a segmentation violation. That's a bug. Please open a bug report: https://bugs.wireshark.org Please attach the capture file and include your instructions to reproduce it from above (just so folks don't have to go retrieve that from the email and your web site).
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- in >wireshark-2.0.2, tshark follow ssl stream segfaults Miroslav Rovis (Jul 12)
- Re: in >wireshark-2.0.2, tshark follow ssl stream segfaults Jeff Morriss (Jul 12)
- Re: in >wireshark-2.0.2, tshark follow ssl stream segfaults Miroslav Rovis (Jul 12)
- Re: in >wireshark-2.0.2, tshark follow ssl stream segfaults Miroslav Rovis (Jul 12)
- Re: in >wireshark-2.0.2, tshark follow ssl stream segfaults Miroslav Rovis (Jul 14)
- Re: in >wireshark-2.0.2, tshark follow ssl stream segfaults Jeff Morriss (Jul 14)
- Re: in >wireshark-2.0.2, tshark follow ssl stream segfaults Jeff Morriss (Jul 12)
- Re: in >wireshark-2.0.2, tshark follow ssl stream segfaults Miroslav Rovis (Jul 12)