
#1 2016-03-01 10:32:42

lz3060
Member
Registered: 2006-09-15
Posts: 35

[SOLVED] Wireshark fails to parse messages from dumpcap

Hi all,

I only noticed this recently and don't know when or how it broke. All variants of `wireshark` fail to start and the reason seems to be they are unable to parse the output of `dumpcap -D` while enumerating capturable interfaces.

Specifically, the Qt version hangs on a "Loading preferences" message; strace shows it waiting for output from a subprocess.

The GTK version is a bit more helpful and shows this: http://imgur.com/AiNOTvj

tshark bails with the same error:

```
$ tshark
tshark: Unknown message from dumpcap, try to show it as a string: device-enumerator: scan all dirs
  device-enumerator: scanning /sys/bus
```

Trying to enumerate interfaces with dumpcap works; my user is in the wireshark group, but I've set +s on the dumpcap binary just in case:

```
$ dumpcap -D
device-enumerator: scan all dirs
  device-enumerator: scanning /sys/bus
  device-enumerator: scanning /sys/class
unable to receive message
1. wlp1s0
2. enp0s20u1u5u3
3. any
4. lo (Loopback)
5. bluetooth0
6. bluetooth-monitor
7. nflog
8. nfqueue
9. dbus-system
10. dbus-session
11. usbmon1
12. usbmon2
13. usbmon3
14. usbmon4
```

I tried wiping wireshark settings and running it in a newly-created system account, but it acts the same. I suspect the "informative" messages which precede the list of interfaces cause the issue, but it seems no one else is experiencing the same ...

Thanks for reading through! Please share any thoughts ...

Last edited by lz3060 (2016-03-02 10:26:12)

Offline

#2 2016-03-01 12:51:13

lz3060
Member
Registered: 2006-09-15
Posts: 35

Re: [SOLVED] Wireshark fails to parse messages from dumpcap

On other distros `dumpcap -D` only prints the list of interfaces; the output doesn't contain the 4 lines of informative messages. These are written by dumpcap on stderr.

EDIT: digging further, the "device-enumerator" log messages come from libsystemd/../device-enumerator.c and libudev-monitor.c

Last edited by lz3060 (2016-03-01 13:44:31)

Offline

#3 2016-03-02 10:25:58

lz3060
Member
Registered: 2006-09-15
Posts: 35

Re: [SOLVED] Wireshark fails to parse messages from dumpcap

This was my problem. I had completely forgotten that I had udev debug enabled.

Offline
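
One way to check for the cause reported in post #3, as an added example that is not part of the thread: the script captures only what a helper writes to stderr and, when there is any, looks for a debug-level `udev_log` setting. The function names and the assumption that debug logging was enabled through `udev_log` in a udev.conf-style file belong to this example; the thread does not say how it was enabled.

```shell
#!/bin/sh
# Added example: find out why a helper such as dumpcap is noisy on stderr.

# Print the effective udev_log value from a udev.conf-style file.
# The last uncommented assignment wins; surrounding quotes are stripped.
udev_conf_log_level() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*udev_log[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Run a command, discard its stdout, and print only what it wrote to stderr.
stderr_of() {
    "$@" 2>&1 >/dev/null
}

# diagnose CONF CMD [ARGS...]
# Returns 0 when CMD leaves stderr clean, 1 when it wrote anything to it.
diagnose() {
    conf=$1; shift
    noise=$(stderr_of "$@") || true   # a failing helper must not abort the check
    if [ -z "$noise" ]; then
        echo "stderr clean: $*"
        return 0
    fi
    echo "unexpected stderr output from: $*"
    printf '%s\n' "$noise" | sed 's/^/  | /'
    level=$(udev_conf_log_level "$conf")
    case "$level" in
        # 7 is the numeric syslog priority for debug
        debug|7) echo "cause candidate: udev_log=$level in $conf" ;;
    esac
    return 1
}

# Typical use on the affected machine (assumed default config path):
#   diagnose /etc/udev/udev.conf dumpcap -D
```
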
