Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 3675] New: the proto, colinfo tap doesn't work if the INFO

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 7 Jul 2009 02:25:36 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3675

           Summary: the proto,colinfo tap doesn't work if the INFO column
                    isn't being printed.
           Product: Wireshark
           Version: 1.2.0
          Platform: x86
        OS/Version: SuSE
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: general@xxxxxxxxx
                CC: general@xxxxxxxxx


Build Information:
TShark 1.2.0

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.16.3, with libpcap 0.9.8, with libz 1.2.3, without POSIX
capabilities, with libpcre 7.6, without SMI, without c-ares, without ADNS,
without Lua, without GnuTLS, without Gcrypt, without Kerberos, without GeoIP.

Running on Linux 2.6.25.20-0.1-pae, with libpcap version 0.9.8.

Built using gcc 4.3.1 20080507 (prerelease) [gcc-4_3-branch revision 135036].
--
Hello!

We are using Tshark to extract signaling information in mobile phone networks
(GTP traffic). We found that the transformation of libpcap traces into a text
format with the following command:

tshark -r ./2009_07_06-10h30m00s-full-tu2-600.trc -R "((gtp.message == 0x10 or
gtp.message == 0x11) and not (icmp)) and (ip.src or ip.dst or udp.srcport or
udp.dstport or gtp.flags.version or gtp.message or gtp.teid or gtp.seq_number
or gtp.tid or  gtp.cause or gtp.imsi or gtp.teid_cp or gtp.teid_data or gtp.apn
or gtp.msisdn or gtp.mcc or gtp.mnc or gtp.ext_rat_type or gtp.ext_imeisv or
gtp.user_ipv4)" -t ad -z proto,colinfo,ip,ip.src -z proto,colinfo,ip,ip.dst -z
proto,colinfo,ip,udp.srcport -z proto,colinfo,ip,udp.dstport -z
proto,colinfo,ip,gtp.flags.version -z proto,colinfo,ip,gtp.message -z
proto,colinfo,ip,gtp.teid -z proto,colinfo,ip,gtp.seq_number -z
proto,colinfo,ip,gtp.tid -z proto,colinfo,ip,gtp.cause -z
proto,colinfo,ip,gtp.imsi -z proto,colinfo,ip,gtp.teid_cp -z
proto,colinfo,ip,gtp.teid_data -z proto,colinfo,ip,gtp.apn -z
proto,colinfo,ip,gtp.msisdn -z proto,colinfo,ip,gtp.mcc -z
proto,colinfo,ip,gtp.mnc -z proto,colinfo,ip,gtp.ext_rat_type -z
proto,colinfo,ip,gtp.ext_imeisv -z proto,colinfo,ip,gtp 

frequently crashes with the message:

tshark: the proto,colinfo tap doesn't work if the INFO column isn't being
printed.

We verified this behaviour with tshark 1.20 and 1.08. Tshark 0.99.7 works fine
and does NOT crash.

I have attached a trace file to this bug report. The messages which cause
tshark to crash are packet numbers: 59818,67667 and 83157

Many thanks for any assistance.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube