Wireshark-bugs: [Wireshark-bugs] [Bug 12590] tshark does not display QUIC information while WIRE
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 07 Jul 2016 13:47:22 +0000

changed bug 12590


What Removed Added
Status UNCONFIRMED INCOMPLETE
CC   jeff.morriss.ws@gmail.com
Ever confirmed   1

Comment # 1 on bug 12590 from 
(In reply to iez from comment #0)
> Hello,
> I'm trying to analyze QUIC traffic and tried Wireshark 2.1.0 with QUIC
> dissector on MAC El Capitan - it works great. The issue I'm having is with
> using tshark. When setting it to display QUIC fields it does not print
> information related to QUIC to stdio and when I tried "-w file" it writes
> this only line and exits:
> 
> \M<+????????8TShark (Wireshark) 2.1.0 (v2.1.0-0-g46f9217 from
> master)\,q???????? ,zie@iezs-MBP:~/PXPRS/tests$
> 
> It is empty when opened with wireshark. 

Note that if you use "-w" the resulting file is going to be a PCAPNG (or PCAP)
file, not the output of tshark; you generally don't want to use "-w" with "-r".

> The tshark command i'm using is this:
> sudo tshark -r test.pcap -w test.out -d "udp.port==12346,quic" -T fields -e
> udp.srcport -e quic.tags

Also note that (since you're not capturing) there's no need to use `sudo`
here--in fact it's a bad idea (since that means Wireshark's 2M+ lines of code
are running as root).

> It does print everything related to the legacy protocols - udp, tcp, http
> etc.

Hmm, it works fine for me when I do:

% ./tshark -r test1.pcapng -d "udp.port==12346,quic" -T fields -e udp.srcport
-e quic.tags | less

I'm not aware of any changes in this area but since you're using a development
release you might want to upgrade to the latest git just in case (that's what
I'm using).

(This could be WORKSFORME but I'll leave it INCOMPLETE for now in case there's
some followup.)

> tshark also complains on some missing libraries when trying sudo tshark -D:
> 
> dyld: Library not loaded: @rpath/libssh.4.dylib Referenced from:
> /Applications/Wireshark.app/Contents/MacOS/extcap/ciscodump Reason: image
> not found
> dyld: Library not loaded: @rpath/libssh.4.dylib Referenced from:
> /Applications/Wireshark.app/Contents/MacOS/extcap/sshdump Reason: image not
> found

I think that bug 12507 should have fixed this.  If it's still a problem after
upgrading please open a separate bug report about it.

You are receiving this mail because:
  • You are watching all bug changes.