Ask Your Question
0

invalid json request to tshark

asked 2021-12-31 10:13:04 +0000

teto gravatar image

I've upgraded wireshark 3.4 -> 3.6 and the protocol for sharkd has changed. I am doing cat contrib/info.json | socat UNIX-CONNECT:/tmp/sharkd.sock - which returns

 {"jsonrpc":"2.0","id":0,"error":`{"code":-32600,"message":"Invalid JSON(2)"}}`

I can't find how it is invalid.

for the following info.json:

 {
   "jsonrpc": "2.0"
  , "id": 1
  , "method":"info"
}

I've got a similar issue with the following json

{
    "method":"load"
  , "jsonrpc": "2.0"
  , "id" : 1
  , "params" : {
      "file": "/home/teto/tcp/client_2_cleaned.pcapng"
  }
}

NB: the doc at https://wiki.wireshark.org/Developmen... seems out of date

edit retag flag offensive close merge delete

Comments

There have been several changes to the Wiki since the move to Gitlab in 2020.
There used to be links from the old to the new but looks like they got dropped when the old wiki was turned into a static site. Current wiki here:
sharkd

Chuckc gravatar imageChuckc ( 2021-12-31 15:13:58 +0000 )edit

thanks for the link, looks like it is the same outdated documentation. I dont mind because I tend to look at the source anyway and the sharkd*.c files are easy to read. So I've dived a bit deeper and if I convert info.json to a one line string it works :s so it seems newlines are not accepted by sharkd ?!

teto gravatar imageteto ( 2021-12-31 15:51:14 +0000 )edit
Chuckc gravatar imageChuckc ( 2021-12-31 15:59:40 +0000 )edit
$ ./sharkd -v | head -2
Sharkd (Wireshark) 3.5.0rc0-2079-g4ddae6850824 (Git commit d71813fb0a05)

$ cat /tmp/info.json
{
   "jsonrpc": "2.0"
  , "id": 1
  , "method":"info"
}
$ cat /tmp/info.json | ./sharkd -
Hello in child.
invalid JSON(2) -> closing
$
$ cat /tmp/info_1_line.json
{ "jsonrpc": "2.0" , "id": 1 , "method":"info" }
$
$ cat /tmp/info_1_line.json | ./sharkd -
Hello in child.
sanity check(4): no "req".
$

Chuckc gravatar imageChuckc ( 2021-12-31 16:25:22 +0000 )edit

thanks for trying. You should try my instructions with 3.6 though as the protocol changed, "req" is the old protocol.

teto gravatar imageteto ( 2021-12-31 16:28:48 +0000 )edit

2 Answers

Sort by » oldest newest most voted
0

answered 2021-12-31 16:45:04 +0000

Chuckc gravatar image

sharkd-requests
The entire requests must be on a single line

edit flag offensive delete link more

Comments

If you want to transform multiline json to single line json, you could use jq.

$ cat info.json 
{
   "jsonrpc": "2.0"
  , "id": 1
  , "method":"info"
}
$ jq -c "." info.json 
{"jsonrpc":"2.0","id":1,"method":"info"}
rickhg12hs gravatar imagerickhg12hs ( 2021-12-31 17:31:31 +0000 )edit

I used cat contrib/load-pcap.json | tr -d '\n' instead. I found another issue: the order of parameters in the json file matters ! if you pass the "params" before the "method" for isntance, you get an error :s

teto gravatar imageteto ( 2021-12-31 22:02:39 +0000 )edit
0

answered 2022-01-01 07:46:26 +0000

PaulOfford gravatar image

I had no idea that this had been merged. I waited a couple of months and then assumed it wasn’t going to be accepted. I’m really pleased it’s now merged.

I didn’t really change the parser code; I just carried over the parser from the previous version. I was trying to keep the number of code line changes to a minimum. The old version didn’t support multi line commands and so neither does the new version.

It’s also true that the method must come before the parameters and I think that is down to me. It was quite tricky to differentiate between methods and parameters using the existing parser.

The bottom line is that the parser needs re-writing. The workaround is keep the method and parameters in order.

edit flag offensive delete link more

Comments

thanks for working on it. I seem to find other issues like a simple status is taken into account but then displays an error :/

➜ cat status.json | socat UNIX-CONNECT:/tmp/sharkd.sock -   
{"jsonrpc":"2.0","id":1,"result":{"frames":0,"duration":0.000000000}}
{"jsonrpc":"2.0","id":1,"error":{"code":-32600,"message":"Invalid JSON(1)"}}

with { "method": "status" , "jsonrpc": "2.0" , "id" : 1}

Also even after successfully loading a pcap, I can't get any result for a frame or analyze request: {"jsonrpc":"2.0","id":1,"result":{"frames":0,"protocols":[]} It's as if nothing was loaded. Do you know a software out there that leverages sharkd so that I can compare my implementation. Should the id be increased for each request ? what does the ":id" field stand for ?

teto gravatar imageteto ( 2022-01-01 22:47:35 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2021-12-31 10:13:04 +0000

Seen: 286 times

Last updated: Jan 01 '22