Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Trying to get Wireshark up and running via MacPorts [SOLVE

From: Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 24 Nov 2007 00:47:17 -0500

On Nov 23, 2007, at 20:27, Stephen Fisher wrote:

When you have the source build manually in the build directory, you'll
want to use glibtool (normally named libtool, except on OS X, which has
a libtool program that does something totally different) to run
Wireshark through the gdb debugger. I'll create a breakpoint in gdb to
simulate the program stopping at an error like you're getting (I will
erase the breakpoint setting command/output from below for your clarity
- it will crash on its own for you):

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sfisher@shadow:/usr/local/src/wireshark>glibtool --mode=execute gdb ./wireshark GNU gdb 6.3.50-20050815 (Apple version gdb-696) (Sat Oct 20 18:16:54 GMT 2007)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-apple-darwin"...
warning: --arch option not supported in this gdb.
Reading symbols for shared libraries............................................... done

(gdb) run
Starting program: /usr/local/src/wireshark/.libs/wireshark
Reading symbols for shared libraries ..................................................+ +................+++++++++++++++++++++++....+++++++++++++..+ done
Reading symbols for shared libraries . done
<above line repeats a bunch of times)

Breakpoint 1, commview_open (wth=0xb0ca650, err=0xbfffe8a8, err_info=0xbfffe86c) at commview.c:98
98              if(!commview_read_header(&cv_hdr, wth->fh, err))
(gdb) backtrace 10
#0 commview_open (wth=0xb0ca650, err=0xbfffe8a8, err_info=0xbfffe86c) at commview.c:98 #1 0x0070e5c4 in wtap_open_offline (filename=0xb0b5ae0 "/Users/ sfisher/captures/commview/FormatShowcase1.ncf", err=0xbfffe8a8, err_info=0xbfffe86c, do_random=1) at file_access.c:341 #2 0x000117e4 in cf_open (cf=0x13d3d0, fname=0xb0b5ae0 "/Users/ sfisher/captures/commview/FormatShowcase1.ncf", is_tempfile=0, err=0xbfffe8a8) at file.c:215 #3 0x00028f78 in menu_open_recent_file_cmd (w=0xb138970) at menu.c: 1462
#4  0x07a6c66b in g_closure_invoke ()
#5  0x07a7d99d in signal_emit_unlocked_R ()
#6  0x07a7eb43 in g_signal_emit_valist ()
#7  0x07a7f1f7 in g_signal_emit ()
#8  0x012a8aad in gtk_widget_activate ()
#9  0x0114ead1 in gtk_menu_shell_activate_item ()
(More stack frames follow...)
(gdb) quit
The program is running.  Exit anyway? (y or n) y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The important command is "backtrace 10," which shows the last 10 lines
of the backtrace of functions called. This helps us see which function
the crash occured in and some clues as to why it crashed.

After the rebuild of Wireshark via MacPorts completed, I thought I'd just fire up Wireshark one last time to see if it would generate the same old "Bus error" but surprisingly, this time it presented me with the Wireshark splash screen and its main window. I think it had something to do with my having done a "sudo port uninstall" on a couple of xorg-libX* modules from the MacPorts installation before rebuilding using "sudo port -Rv install wireshark". I'm suspecting that those modules were overriding the similarly named modules in the /usr/X11R6/ folder since the include directives for "/opt/ local/" (where MacPorts stores its files) preceded those for "/usr/ X11R6" in the build process (the "-v" switch sure came in handy).

Thanks for the quick response. I'll keep the above instructions for gdb in mind in case Wireshark blows up during an analysis session and I need to provide a gdb backtrace.
--
Reality Artisans, Inc. # Network Wrangling and System Delousing P.O. Box 565, Gracie Station # Apple Certified Help Desk Specialist
New York, NY 10028-0019           #   Apple Consultants Network member
<http://www.realityartisans.com>  #   Apple Developer Connection member
(212) 369-4876 (Voice)            #   (212) 860-4325 (Fax)
PGP Fingerprint:  77B3 D1E9 D24B 4FA9 9606  6C8D 62E4 2E4A 6FDD 9FD5