Problem with extcap preferences in TShark (Wireshark) 3.4.2

asked 2021-01-18 07:51:33 +0000

hgiraldos
16 ●1 ●2

updated 2021-01-21 15:18:06 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

I have been using these 2 extcap plugins with Wireshark (from 3.0.8 to 3.2) without problems.

I recently updated Wireshark and I have the following problems:

C:\Users\hgir>"C:\Program Files\Wireshark\tshark.exe" "-l" "-n" "-T" "pdml" "-o" "extcap.cc2531.channel:11" "-i" "TI CC2531 802.15.4 packet sniffer"

** (tshark.exe:8004): WARNING **: No such preference "extcap.cc1352r1.com_port" at line 386 of
C:\Users\hgir\AppData\Roaming\Wireshark\preferences (save preferences to remove this warning)

** (tshark.exe:8004): WARNING **: No such preference "extcap.cc1352r1.op_band" at line 390 of
C:\Users\hgir\AppData\Roaming\Wireshark\preferences (save preferences to remove this warning)

** (tshark.exe:8004): WARNING **: No such preference "extcap.cc2531.channel" at line 398 of
C:\Users\hgir\AppData\Roaming\Wireshark\preferences (save preferences to remove this warning)

The preferences related to extcap plugins do not seem to work.

I use these preferences to change the channel in tshark, so I get the following error:

tshark: -o flag "extcap.cc2531.channel:11" specifies unknown preference

I have been reviewing the doc related to extcap in the new version but I did not find any clues.

Any ideas? Any site with advanced documentation or API changes?

P.S: I have access to the source code, so I can do modifications in the plugins or in the configuration.

edit retag flag offensive close merge delete

Comments

We don't close answers here, instead accept the most helpful answer by clocking the checkmark icon to the left of it.

grahamb ( 2021-01-24 17:44:02 +0000 )edit

Yes, I tried, but I need >50 points to accept my own answer and I do not have them, so I did not find any other way to finish this issue.

hgiraldos ( 2021-01-24 18:54:04 +0000 )edit

add a comment

2 Answers

Sort by » oldest newest most voted

answered 2021-01-21 17:08:18 +0000

hgiraldos
16 ●1 ●2

updated 2021-01-24 17:31:09 +0000

To make extcap preferences work in TShark is necessary to add "currentprefs" to the command.

"C:\Program Files\Wireshark\tshark.exe" "currentprefs" "-l" "-n" "-T" "pdml" "-o" "extcap.cc2531.channel:11" "-i" "TI CC2531 802.15.4 packet sniffer"

This change was introduce in v3.0.0, commit 9c53ac0187.

Anyway, I will update the plugins at @grahamb suggested.

Edit: Fix has been merged.

edit flag offensive delete link

Comments

That code is only called with the -G option to dump information.
Maybe tshark should call extcap_register_preferences() on startup like the GUI does in main.cpp ?

Chuckc ( 2021-01-21 18:02:58 +0000 )edit

Yes, agree. I have done a merge request in wireshark's repository.

https://gitlab.com/wireshark/wireshar...

hgiraldos ( 2021-01-22 09:10:39 +0000 )edit

add a comment

answered 2021-01-18 08:46:05 +0000

grahamb

23790 ●4 ●950 ●227 https://www.wireshark.org

Are the plugins actually loading, if not that might explain the lack of support for their preferences?

Does tshark -G plugins list your extcaps?

edit flag offensive delete link

Comments

Yes it does.

ethercat.dll            0.1.0   dissector       C:\Program Files\Wireshark\plugins\3.4\epan\ethercat.dll
...
cc1352r1.exe            0.0.1   extcap  C:\Program Files\Wireshark\extcap\cc1352r1.exe
cc2531.exe              0.0.1   extcap  C:\Program Files\Wireshark\extcap\cc2531.exe

Actually,I can use the plugins in Wireshark UI, that's what I found most strange.

hgiraldos ( 2021-01-18 09:14:12 +0000 )edit

Then try printing the preferences, this will be huge so either filter with the tools of your choice or redirect to a file and look with an editor. Using PowerShell:

tshark -G currentprefs | Select-String cc2531

grahamb ( 2021-01-18 10:44:34 +0000 )edit

Yes it is present:

PS C:\Program Files\Wireshark> .\tshark.exe -G currentprefs | Select-String cc2531
extcap.cc2531.channel: 14

That means it is written in the configuration file, but I think tshark does not recognize it that is why it shows this warning:

** (tshark.exe:8004): WARNING **: No such preference "extcap.cc2531.channel" at line 398 of
C:\Users\hgir\AppData\Roaming\Wireshark\preferences (save preferences to remove this warning)

hgiraldos ( 2021-01-18 11:50:42 +0000 )edit

I'm not sure what's going on, maybe create a new profile in Wireshark to clean out old preferences, then pass that into tshark with -C.

There have been a few changes in the extcap interface that might explain the issue. Your extcaps use a manual method of constructing the output to describe the plugin options, whereas a common method is provided to do that in the current version of Wireshark, but it's not clear to me that the old manual method is wrong.

grahamb ( 2021-01-18 14:23:27 +0000 )edit

I've already tried it with clean profiles and it didn't work. If you have located the commits that may have caused the problem I can test them looking for the beginning of the problem and give a proposal for fixing it.

hgiraldos ( 2021-01-18 14:31:58 +0000 )edit

I haven't gone through the commits just comparing the code in your extcaps with that for sshdump. There are framework methods for handling options etc.

grahamb ( 2021-01-18 15:27:17 +0000 )edit

see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Problem with extcap preferences in TShark (Wireshark) 3.4.2

Comments

2 Answers

Comments

Comments

Your Answer

Question Tools

Stats

Related questions

Problem with extcap preferences in TShark (Wireshark) 3.4.2 edit

Comments

2 Answers

Comments

Comments

Your Answer

Question Tools

Stats

Related questions

Problem with extcap preferences in TShark (Wireshark) 3.4.2