segfault on profile switch

asked 2018-01-06 14:34:07 +0000

updated 2018-01-07 18:51:20 +0000

Jaap

Hi, I'm trying to teach myself how to use Wireshark with the books by Laura Chappell (Wireshark Network Analysis, 2nd Edition). This book is written for the older (legacy) versions of Wireshark and some of the information is outdated, but that's not my biggest problem. At the moment I'm using Wireshark 2.5.0-2263-gae2e9d66 (just compiled it from source code) on Debian GNU/Linux Testing (codename buster), but this problem also happens on older versions of Wireshark (like 2.4.3). The problem is that when I copy the profiles that can be downloaded from the book's website, these profiles are not completely compatible with the current version of Wireshark. When I take the nmap Detection profile, the first coloring rule is disabled because it's incorrect, and when I open and close the color rules window Wireshark gives a message that some rules are invalid and disabled. This also happens when I remove the color rule from that window and when I re-open it, the faulty rule is back.

And now the weird part: if I want to switch to another profile after opening this nmap profile (and some others), Wireshark SegFaults and will only work with my other profiles after I have removed the nmap profile from my personal configuration directory.

The entire error message I get in the terminal is:

15:03:50.521          Warn Obsolete preference "gui.scrollbar_on_right" at line 10 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.521          Warn Obsolete preference "gui.packet_list_sel_browse" at line 14 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.521          Warn Obsolete preference "gui.protocol_tree_sel_browse" at line 18 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522          Warn Preference "column.format" has been converted to "gui.column.format"
Save your preferences to make this change permanent.
15:03:50.522          Warn No such preference "agentx.tcp.agentx_port" at line 262 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522          Warn Obsolete preference "ah.place_ah_payload_in_subtree" at line 266 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522          Warn Obsolete preference "alc.default.udp_port.enabled" at line 274 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522          Warn No such preference "artnet.udp_port" at line 339 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522          Warn No such preference "artnet.dmx_disp_chan_val_type" at line 344 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50.522          Warn No such preference "artnet.dmx_disp_chan_nr_type" at line 349 of
/home/analyzer/.config/wireshark/profiles/Nmap Detection/preferences (save preferences to remove this warning)
15:03:50 ...

Comments

> This also happens when I remove the color rule from that window and when I re-open it, the faulty rule is back.

You might want to have a look at the answers to the "Impossible to edit the color rule" question asked on the old Wireshark Q&A site for some possible ways to remedy this for you.

cmaynard ( 2018-01-08 16:38:06 +0000 )

A segmentation fault shouldn't occur no matter what, of course, so I'd recommend opening a bug report for that and supplying your profile files so someone can try to reproduce the problem and hopefully provide a fix.

cmaynard ( 2018-01-08 16:43:00 +0000 )

cmaynard, thanks for the suggestions! I will have a look at the old Q&A site and open that bug report tomorrow when I have some more time, since it's gonna be my first bug report ever.

As for the profiles, if anyone wants them, they are available on the wiresharkbook.com website as supplements to the Wireshark Network Analysis 2nd book.

Here is a link to the ZIP file on that site that contains the profiles.

Thanks again for the suggestions!

Patrick_Kox ( 2018-01-08 18:47:38 +0000 )

Not everyone who monitors bug reports also monitors the Q&A site, so I think it's better to indicate a specific profile from the link provided that reproduces the segfault when you report the bug.

cmaynard ( 2018-01-08 19:13:20 +0000 )