cetic / foren6

6LoWPAN Diagnosis Tool
http://cetic.github.io/foren6

Crash reading PCAP file, tshark exited #7

Open pacovi opened 10 years ago

pacovi commented 10 years ago

While loading a PCAP file it crashes. To reproduce the problem I just have to follow Example 1, and when I start the capture the program crashes. The problem is that tshark is using a deprecated option (or so the log says) and it just exits, creating an error in Foren6 and causing a crash.

It happens using Foren6 from Git or the *.deb package on Ubuntu 12.04 LTS (I'm using Instant Contiki), "tshark -v" shows: "TShark 1.11.3 (SVN Rev 53420 from /trunk)"; and the console output of Foren6 after causing the crash is at the end of the issue (LOG1).

Using #define USE_NEW_TSHARK in the sniffer_packet_parser.c file does solve the problem, but I get another one instead, marked as LOG2 at the end of the issue.


LOG1

Loading /usr/lib/foren6/interfaces/libinterface_pcap.so
Registered interface pcap from file /usr/lib/foren6/interfaces/libinterface_pcap.so
pcap interface initialized
Loading /usr/lib/foren6/interfaces/libinterface_sensnif.so
Registered interface sensnif from file /usr/lib/foren6/interfaces/libinterface_sensnif.so
snif interface initialized
Loading /usr/lib/foren6/interfaces/libinterface_snif.so
Registered interface snif from file /usr/lib/foren6/interfaces/libinterface_snif.so
snif interface initialized
PktSync: New iface: /usr/share/doc/foren6/pcaps/example1-rpl-collect.pcap, nb root = 1
PCAP reader started
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
tshark exited
Could not start tshark


LOG2

Loading /usr/lib/foren6/interfaces/libinterface_pcap.so
Registered interface pcap from file /usr/lib/foren6/interfaces/libinterface_pcap.so
pcap interface initialized
Loading /usr/lib/foren6/interfaces/libinterface_sensnif.so
Registered interface sensnif from file /usr/lib/foren6/interfaces/libinterface_sensnif.so
snif interface initialized
Loading /usr/lib/foren6/interfaces/libinterface_snif.so
Registered interface snif from file /usr/lib/foren6/interfaces/libinterface_snif.so
snif interface initialized
PktSync: New iface: /usr/share/doc/foren6/pcaps/example1-rpl-collect.pcap, nb root = 1
PCAP reader started

(process:32359): GLib-CRITICAL **: g_hash_table_lookup_extended: assertion `hash_table != NULL' failed
**
ERROR:wmem_core.c:50:wmem_alloc: assertion failed: (allocator->in_scope)

tshark exited
Could not start tshark
make: *** [run] Error 1

jdede commented 9 years ago

I experienced the same issues with debian testing, tshark 1.12.1 and the current git checkout. With #define USE_NEW_TSHARK, I got the following error:

snif interface initialized
PktSync: New iface: /home/basic/src/git/contiki-untouched/tools/cooja/build/radiolog-1426233540490.pcap, nb root = 1
Registered event listener change listener:  true 
PCAP reader started
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
tshark exited
Could not start tshark

laurentderu commented 9 years ago

Thanks for the feedback, I guess it's time to switch the default tshark interface to the new one (and provide a command line option to select the old one).

kYc0o commented 9 years ago

Is this issue solved? I'm having the same problem here:

tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
tshark exited
Could not start tshark
make: *** [run] Error 1

Do you have any workaround to this?

Thanks in advance

kYc0o commented 9 years ago

If I put #define USE_NEW_TSHARK I'm having this error:

tshark: Live captures do not support two-pass analysis.
tshark exited
Could not start tshark
make: *** [run] Error 1

laurentderu commented 9 years ago

I pushed a fix that allows runtime configuration of tshark using the Settings dialog and sets the new version of the tshark command line as the default one. Could you tell me if this fixes your problem?
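An added example, not part of the thread and not foren6's own code: one way to choose the display-filter option automatically from the `tshark -v` banner instead of a compile-time define. The function names are hypothetical, and the 1.10 cut-off for `-Y` is an assumption taken from the Wireshark release history, not from this issue.

```c
#include <stdio.h>
#include <string.h>

/* Extract major.minor from a "tshark -v" banner such as
 * "TShark 1.11.3 (SVN Rev 53420 from /trunk)" or
 * "TShark (Wireshark) 2.6.10". Returns 0 on success, -1 otherwise. */
int parse_tshark_version(const char *banner, int *major, int *minor)
{
    const char *p = strstr(banner, "TShark");
    if (p == NULL)
        return -1;
    p += strlen("TShark");
    /* Skip to the first digit on the banner line. */
    while (*p != '\0' && *p != '\n' && (*p < '0' || *p > '9'))
        p++;
    if (sscanf(p, "%d.%d", major, minor) != 2)
        return -1;
    return 0;
}

/* Return the single-pass display-filter option for this tshark,
 * or NULL when the banner cannot be parsed (caller should then
 * fall back to a user setting rather than guess). */
const char *tshark_filter_flag(const char *banner)
{
    int major, minor;
    if (parse_tshark_version(banner, &major, &minor) != 0)
        return NULL;
    /* Assumption: -Y is available from 1.10 on; newer builds reject
     * "-R" without "-2", and "-2" is refused on live captures. */
    if (major > 1 || (major == 1 && minor >= 10))
        return "-Y";
    return "-R";
}

int main(void)
{
    /* First banner is the one quoted in the report; the second is constructed. */
    const char *banners[] = {
        "TShark 1.11.3 (SVN Rev 53420 from /trunk)",
        "TShark 1.8.2",
    };
    for (size_t i = 0; i < sizeof banners / sizeof banners[0]; i++) {
        const char *flag = tshark_filter_flag(banners[i]);
        printf("%-45s -> %s\n", banners[i], flag ? flag : "(unknown)");
    }
    return 0;
}
```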

gillesDD commented 9 years ago

Hi Laurent,
I face the same issue. Because I just began today to play with foren6, could you share the commit id?
Thanks and regards
Gilles

laurentderu commented 9 years ago

Hi Gilles,

It's available in the latest version of the foren6 top project. The actual commit is https://github.com/cetic/foren6/commit/1927d08772e919d16f5537bc673a90ad55b8b51d which references the latest commits of analyzer and gui-qt.

gillesDD commented 9 years ago

Hi,
So I picked up the latest git top project, make; make install => strange, had to update settingsDialog.cpp, it does not compile, missing stdio for printf ...
Then I opened the foren6 preferences: old tshark check box NOT selected (if selected, the current issue occurs as expected).
TShark is 1.12.1.
LOG is:

PktSync: New iface: /usr/share/doc/foren6/pcaps/example1-rpl-collect.pcap, nb root = 1
PCAP reader started
(process:9541): GLib-CRITICAL **: g_hash_table_lookup_extended: assertion 'hash_table != NULL' failed
**
ERROR:/build/buildd/wireshark-1.12.1+g01b65bf/epan/wmem/wmem_core.c:50:wmem_alloc: assertion failed: (allocator->in_scope)
tshark exited
Could not start tshark

Did I miss something?

laurentderu commented 9 years ago

Hi Gilles,

I forgot to remove a debug printf (and on MacOS it's included by default). I pushed a fix for that.

Your problem looks like an internal tshark crash. I tested the modification with tshark 1.12.4 without trouble. Do you have this crash with all pcap/sources?

gillesDD commented 9 years ago

Hi Laurent,
Works fine with 1.12.4! (pcap from the foren6 example and a cc26xx "real" pcap too)
Thanks again
Gilles

aignacio commented 7 years ago

Hello @gillesDD, can you explain how you are using foren6 to sniff? (What software are you running?) I'm using sensniff with the PCAP option activated and foren6 shows the same error "could not start tshark".

python sensniff.py -p -D INFO -d /dev/ttyACMX

bouacheria-ibtissem commented 6 years ago

Hi,

To solve this problem you just need to go to file->preference and enable old tshark.

Hope that this issue will pass to solved.