tshark.exe crashes when executed

2020-12-09

updated 2020-12-09

Hi, I have Wireshark v2.4.0. I have some dissectors installed as DLL and Lua, and when I open a pcap file with wireshark.exe (the GUI) it works perfectly, but when I use tshark.exe it just crashes. I tried to execute it without the dissector and it didn't crash... So why does tshark.exe crash with this dissector while wireshark.exe is able to parse the pcap? Doesn't the Wireshark GUI use tshark.exe itself?

answered 2020-12-09

cmaynard

Wireshark doesn't use tshark. Both Wireshark and tshark use dumpcap.

Unfortunately, not only has Wireshark 2.4.0 gone EOL as of July 19, 2019 per the Wireshark Lifecycle, but without being able to examine the dissector itself causing the problem, it will be very unlikely if not impossible for anyone to be able to help troubleshoot the problem you're experiencing. If you can provide the source code of the dissector and a sample capture file to test it with that causes the crash, then perhaps someone will be able to assist you then, although this isn't the best forum for that. Likely a discussion on the wireshark-dev mailing list would be a more suitable place.

answered 2020-12-09

Chuckc

Wireshark and tshark have shared code and libraries, but Wireshark is not a GUI frontend to tshark.
v2.4.0 was EOL'ed July 19, 2019 (End of Life planning)

If you have the same issue after testing with a newer version of Wireshark/tshark come back with your results.

(I was in the middle of crafting my answer when yours must have been posted; otherwise, I may not have bothered with my answer.)

cmaynard ( 2020-12-09 15:31:45 +0000 )

Can you merge this with "dll dissector won't work with newer version"? I'm confused now about if it's 2.4.0 or a new version that isn't working.

Chuckc ( 2020-12-09 15:45:26 +0000 )

My interpretation is that the user originally had a dissector built for 2.4.0, but was experiencing the tshark crash so took your advice to try to build it for the latest available version and is now experiencing problems because the dissector needs to be modified to work with the new APIs.

cmaynard ( 2020-12-09 16:06:31 +0000 )
