Ask Your Question
0

tshark export of “goose.integer” is not the same under windows as under linux

asked 2024-04-27 13:26:04 +0000

gen_tcp gravatar image

updated 2024-04-27 14:51:05 +0000

The data will be more complete in windows. What would be the best way to export the data completely under linux?

linux

tshark -r data.pcapng -Y "frame.number == 383" -e "goose.integer" -T fields > 1.txt
tshark -v                 
TShark (Wireshark) 4.2.2 (Git v4.2.2 packaged as 4.2.2-1).

windows

tshark -r data.pcapng -Y "frame.number == 383" -e "goose.integer" -T fields > 2.txt

D:\Program Files\Wireshark>tshark -v
TShark (Wireshark) 4.2.3 (v4.2.3-0-ga15d7331476c).

Snipaste_2024-04-27_20-36-58.png Snipaste_2024-04-27_20-37-10.png

edit retag flag offensive close merge delete

Comments

Can you update the question with the output of tshark -v for linux and Windows.

(Sample capture attached to: 19580: Incorrect recursion depth assert failure when dissecting a legitimate GOOSE message)

C:\>tshark -v | findstr TShark
TShark (Wireshark) 4.3.0rc0-2318-gbaafc805bb62 (v4.3.0rc0-2318-gbaafc805bb62).

C:\>tshark -r GOOSEDissectionBug.pcapng -T fields -e goose.integer -Y goose.integer
1,1,1
1,2,1
1,3,1
1,0,1
Chuckc gravatar imageChuckc ( 2024-04-27 13:55:39 +0000 )edit

updated...

gen_tcp gravatar imagegen_tcp ( 2024-04-27 14:51:52 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2024-04-27 15:13:14 +0000

Chuckc gravatar image

updated 2024-04-27 15:15:09 +0000

Is it possible to upgrade to 4.2.3 (or newer - 4.2.4 is current version) on linux?
There have been some "recent" fixes to the goose dissector.
(packet-goose.c: history)
This is output for 4.2.2 on Windows:

C:\>tshark -v | findstr TShark
TShark (Wireshark) 4.2.2 (v4.2.2-0-g404592842786).

C:\>tshark -r GOOSEDissectionBug.pcapng -T fields -e goose.integer -Y goose.integer
 ** (tshark:3764) 10:09:27.075305 [Epan WARNING] -- Dissector bug, protocol GOOSE, in packet 1: C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\epan\dissectors\packet-goose.c:717: failed assertion "recursion_depth <= 100"
1
 ** (tshark:3764) 10:09:27.087462 [Epan WARNING] -- Dissector bug, protocol GOOSE, in packet 2: C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\epan\dissectors\packet-goose.c:717: failed assertion "recursion_depth <= 100"
1
 ** (tshark:3764) 10:09:27.099427 [Epan WARNING] -- Dissector bug, protocol GOOSE, in packet 3: C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\epan\dissectors\packet-goose.c:717: failed assertion "recursion_depth <= 100"
1
 ** (tshark:3764) 10:09:27.109791 [Epan WARNING] -- Dissector bug, protocol GOOSE, in packet 4: C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\epan\dissectors\packet-goose.c:717: failed assertion "recursion_depth <= 100"
1

edit flag offensive delete link more

Comments

Updated to 4.2.4 in linux. The erorr has been fixed.

gen_tcp gravatar imagegen_tcp ( 2024-04-27 15:35:35 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-04-27 13:26:04 +0000

Seen: 81 times

Last updated: Apr 27