tshark 4.0.10 --log-level unrecognized option

asked 2023-10-31 11:38:49 +0000 by RB

updated 2023-10-31 12:17:52 +0000

CentOS 9 does not have a recent build of wireshark-cli or wireshark, so I downloaded and built wireshark-4.0.10.tar.xz as an RPM for CentOS 9. The only errors I observed were requirements for other Linux variants. The RPM installed without issue.

Before I installed the 4.0.10 RPM, I uninstalled wireshark-cli 3.4.10-6 that I had installed as part of my server without GUI. I know I am at 4.0.10 because this version of wireshark supports tcp.completeness, whereas 3.4.10-6 did not.

When I run tshark, it returns this error and lists the available options:

tshark: unrecognized option '--log-fatal'

The "Diagnostic output" section that includes --log-fatal is missing, but is present if I run 'tshark --help'.

I am only playing around with an old laptop, so I could simply backup, wipe, and rebuild so there are no artifacts from 3.4.10-6. But if anyone has a suggestion or fix, I am willing to work through this so I don't need to rebuild.


Comments

Do you happen to have wireshark-devel 3.4.10-6 installed?

Jaap ( 2023-10-31 13:59:44 +0000 )

Thank you for your response.

I did not install wireshark-devel 3.4.10-6, only wireshark-cmd 3.4.10-6. I uninstalled what I had built and installed wireshark-devel 3.4.10-6. I also rebooted.

With wireshark-devel, the "Diagnostic output" section is now missing in tshark --help. But when tshark returns the error "tshark: unrecognized option '--log-fatal'", the help it prints is now consistent with --help.

I want to try and use "--log-fatal warning" to exit to see if it changes the exit status when tshark hits a packet that produces the following issue.

** (process:2226): WARNING **: 11:28:47.843: Dissector bug, protocol TLS, in packet 557998: epan/dissectors/packet-tls-utils.c:6271: failed assertion "offset <= offset_end"

RB ( 2023-10-31 15:34:06 +0000 )

What is output of tshark -v ?

Chuckc ( 2023-11-01 00:12:19 +0000 )

Thank you Chuck,

I suspect that 3.4.10 in "CentOS Stream release 9" is supposedly the same as 4.10.

[bob@linux pcap]$ rpm -qa | grep shark
wireshark-cli-3.4.10-6.el9.x86_64
wireshark-3.4.10-6.el9.x86_64
wireshark-devel-3.4.10-6.el9.x86_64

[bob@linux pcap]$ tshark -v
TShark (Wireshark) 3.4.10 (Git commit 733b3a137c2b)

Copyright 1998-2021 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.68.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.19.1, without
Lua, with GnuTLS 3.7.6 and PKCS #11 support, with Gcrypt ...
RB ( 2023-11-01 01:01:48 +0000 )

It doesn't seem that the Wireshark you built is first in the path so an older version of Wireshark is being called.

Chuckc ( 2023-11-01 01:27:15 +0000 )
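The last comment points at PATH ordering: the `rpm -qa` output above still lists wireshark-cli 3.4.10-6, and `tshark -v` reports 3.4.10, so the shell is resolving the distribution binary rather than the locally built 4.0.10. The script below is an added example, not code from this thread. It lists every tshark found on PATH in lookup order (the first one listed is what a bare `tshark` runs), shows the version each reports and the RPM that owns it, and checks whether a reported version is 4.0 or later, which is when the `--log-level` / `--log-fatal` options were introduced. It assumes a POSIX shell, coreutils and `rpm`; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes POSIX sh, sed, head
# and rpm. Function names are this example's own.

# Extract the version number from the first line of `tshark -v` output, e.g.
# "TShark (Wireshark) 3.4.10 (Git commit 733b3a137c2b)" -> "3.4.10".
# Prints nothing if the line is not a TShark banner.
tshark_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^TShark (Wireshark) \([0-9][0-9.]*\).*/\1/p'
}

# Succeed (exit 0) when the given MAJOR.MINOR.PATCH version is 4.0 or later,
# i.e. a build that should accept --log-level and --log-fatal. Older builds
# answer those flags with "unrecognized option".
supports_log_options() {
    major=${1%%.*}
    [ "$major" -ge 4 ] 2>/dev/null
}

# Walk PATH in lookup order and report every executable named tshark, the
# version it prints, and the package that owns it (if rpm knows about it).
list_tshark_on_path() {
    old_ifs=$IFS
    IFS=:
    set -- $PATH          # split PATH on ':' into positional parameters
    IFS=$old_ifs
    for dir in "$@"; do
        bin="$dir/tshark"
        [ -x "$bin" ] || continue
        banner=$("$bin" -v 2>/dev/null | head -n 1)
        ver=$(tshark_version_from_banner "$banner")
        owner=$(rpm -qf "$bin" 2>/dev/null || echo "not owned by an rpm package")
        if supports_log_options "${ver:-0}"; then
            logopts="yes"
        else
            logopts="no"
        fi
        printf '%s  version=%s  package=%s  log-options=%s\n' \
            "$bin" "${ver:-unknown}" "$owner" "$logopts"
    done
}

# Usage: show what a bare `tshark` resolves to, then every candidate in order.
if command -v tshark >/dev/null 2>&1; then
    printf 'shell resolves tshark to: %s\n' "$(command -v tshark)"
    list_tshark_on_path
fi
```

If the first line printed is the 3.4.10 binary, either remove the remaining 3.4.10 packages, put the directory holding the 4.0.10 binary earlier in PATH, or call the new binary by its full path; `rpm -qf` tells you which of the two installs owns each file.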