Wireshark-dev: [Wireshark-dev] tshark bug(s) with option -z smb,sids

From: Justin Heath <justin.heath@xxxxxxxxx>
Date: Tue, 27 Jan 2009 16:39:14 -0500
When trying to use the tshark option "-z smb,sids" I receive the
following output to stderr if smb.sid_name_snooping is not set.

The -z smb,sids function needs SMB/SID-Snooping to be enabled.
Either enable Edit/Preferences/Protocols/SMB/Snoop SID name mappings
in wireshark
or override the preference file by specifying
  -o "smb.sid_name_snooping=TRUE"
on the tshark command line.

However, if I follow the syntax provided I receive the following error.

tshark: Invalid -o flag "smb.sid_name_snooping=TRUE"

It appears the correct syntax is "-o flag smb.sid_name_snooping:TRUE"
(minus quotes) (the man page specifies this syntax). So this gets me
past the syntax problem; however, now I get the following error.

SMB SID List:

(process:26003): GLib-CRITICAL **: g_hash_table_foreach: assertion
`hash_table != NULL' failed

I'm using CentOS 5 with wireshark 1.0.3-4.


If anyone has a workaround, solution or patch it would be appreciated.

Cheers,
Justin