asked 2019-03-04 18:41:55 +0000

barcaroller

When I go to "Analyze" > "Decode As...", the resulting dialog window is empty. This used to work in the past (especially on CentOs 7), but since I've upgraded to Fedora 29, the protocols no longer show up in this dialog window.

I've tried both, wireshark 2.6.6 and wireshark 3.0.0, to no avail.

Any help would be appreciated.

When you upgraded from CentOS 7 to Fedora 29, is it possible that your Wireshark personal configuration directory was somehow changed such that Wireshark is no longer finding your decode_as_entries file? If you run Wireshark and go to Help -> About Wireshark -> Folders, you can find your personal configuration folder listed there. That's the location where Wireshark expects to find the decode_as_entries file, so if it's located elsewhere, then that would explain why the dialog contains no entries.

cmaynard ( 2019-03-05 02:09:36 +0000 )

Thanks for your reply.

On my CentOs7 machine, I'm running wireshark 1.10 and it works fine. There's no decode_as_entries file under ~/.wireshark though; just two files: recent and recent_common.

On my Fedora 29 machine, I'm running wireshark 3.0.0 and the "Decode As..." dialog box is empty. There is a decode_as_entries file under ~/.wireshark but it's empty. I did not modify it; this is how it was right after installation.

barcaroller ( 2019-03-05 14:13:17 +0000 )

Well, Wireshark 1.10 is very old, and I don't recall how the "Decode As" worked for that version. You may have to simply add the entries again if you can't locate the older decode_as_entries file. Maybe it's located in a different directory than $HOME/.wireshark?

cmaynard ( 2019-03-05 15:16:06 +0000 )

To be honest, I don't understand the purpose of the decode_as_entries file. When I go to the "Decode As..." dialog box, I expect to see something like:


regardless of what configuration files are in my directory. Instead I just get a blank window.

barcaroller ( 2019-03-05 16:23:43 +0000 )

Do you mean, https://www.wireshark.org/docs/wsug_h... Keep in mind that the documentation is a bit out of date and the images are in need of an update. The dialog will now look like what's depicted around the 2:52 mark of Tony Fortunato's Wireshark Decode As Example video. Does your dialog not look like that?

cmaynard ( 2019-03-05 16:42:17 +0000 )