segfault on profile switch
Hi, I'm trying to teach myself howto use Wireshark with the books by Laura Chappell (Wireshark Network Analysis, 2nd Edition). This book is written for the older (legacy) versions of Wireshark and some of the information is outdated, but that's not my biggest problem. At the moment I'm using Wireshark 2.5.0-2263-gae2e9d66 (just compiled it from sourcecode) on Debian GNU/Linux Testing (codename buster), but this problem also happens on older versions of Wireshark (like 2.4.3). The problem is that when I copy the profiles that can be downloaded from the books website these profiles are not completely compatible with the current version of Wireshark. When I take the nmap Detection profile the first coloring rule is disabled because it's incorrect and when I open and close the color rules window Wireshark gives a message that some rules are invalid and disabled. This also happens when I remove the color rule from that window and when I re-open it, the faulty rule is back.
And now the weird part, if I want to switch to another profile after opening this nmap profile (and some others) Wireshark SegFaults and will only work with my other profiles after I have removed the nmap profile from my personal configuration directory.
the entire error message I get in the terminal is:
15:03:50.521 Warn Obsolete preference "gui.scrollbar_on_right" at line 10 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.521 Warn Obsolete preference "gui.packet_list_sel_browse" at line 14 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.521 Warn Obsolete preference "gui.protocol_tree_sel_browse" at line 18 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522 Warn Preference "column.format" has been converted to "gui.column.format"
Save your preferences to make this change permanent.
15:03:50.522 Warn No such preference "agentx.tcp.agentx_port" at line 262 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522 Warn Obsolete preference "ah.place_ah_payload_in_subtree" at line 266 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522 Warn Obsolete preference "alc.default.udp_port.enabled" at line 274 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522 Warn No such preference "artnet.udp_port" at line 339 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522 Warn No such preference "artnet.dmx_disp_chan_val_type" at line 344 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522 Warn No such preference "artnet.dmx_disp_chan_nr_type" at line 349 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50 ...
This also happens when I remove the color rule from that window and when I re-open it, the faulty rule is back.
You might want to have a look at the answers to the "Impossible to edit the color rule" question asked on the old Wireshark Q&A site for some possible ways to remedy this for you.
A Segmentation fault shouldn't occur no matter what of course, so I'd recommend opening a bug report for that and supplying your profile files so someone can try to reproduce the problem and hopefully provide a fix.
cmaynard, Thanks for the suggestions ! I will have a look at the old Q&A site and open that bug report tomorrow when I have some more time, since it's gonna be my first bug report ever.
As for the profiles, if anyone want's them they are available on the wiresharkbook.com website. As supplements to the Wireshark Network Analysis 2nd book.
here is a link to the ZIP file on that site that contains the profiles.
Thanks again for the suggestions!
Not everyone who monitors bug reports also monitors the Q&A site, so I think it's better to indicate a specific profile from the link provided that reproduces the segfault when you report the bug.