This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

‘mate failed to configure’ when starting with web.mate enabled


Has anyone run into any problems with web.mate? I'm running Windows 7 64 bit with the 64 bit Wireshark v1.4.1. The mate plugin is loading fine. I have loaded up tcp.mate without any errors. When I start up Wireshark with web.mate enabled I get this error:

c:usersMEwireshark_mateweb.mate at line 1: Syntax Error before web.mate

The permissions, directory path and attributes of the web.mate file are identical to those of tcp.mate which loads without any problems. I downloaded both files at the same time, using the same browser. I downloaded web.mate a couple of times to be sure something didn't get corrupted in the download and the file is identical each time.

I downloaded the web.mate file from the wireshark wiki so it isn't that I have some one-off version with some random edits. http://wiki.wireshark.org/Mate/Tutorial?action=AttachFile&do=view&target=web.mate

asked 12 Nov '10, 10:08

devrick0

edited 14 Nov '10, 05:24

SYN-bit ♦♦


One Answer:


It looks like the format of these files has changed, so the example given does not work. http://www.wireshark.org/lists/wireshark-users/200708/msg00071.html

After a lot of trial and error, I came up with one that seems to work. I was looking for the ability to add a column that has the full time for each web page request, and it looks like it works. Here's what I came up with:

Pdu tcp_pdu Proto tcp Transport ip {
    Extract addr From ip.addr;
    Extract port From tcp.port;
    Extract tcp_start From tcp.flags.syn;
    Extract tcp_stop From tcp.flags.reset;
    Extract tcp_stop From tcp.flags.fin;
};

Gop tcp_ses On tcp_pdu Match (addr, addr, port, port) {
    Start (tcp_start=1);
    Stop (tcp_stop=1);
};

Transform rm_client_from_dns_resp {
    Match (dns_resp=1, client) Insert (dns_resp=1);
};

Pdu dns_pdu Proto dns Transport ip {
    Extract addr From ip.addr;
    Extract dns_resp From dns.flags.response;
    Extract host From dns.qry.name;
    Extract client From ip.src;
    Extract dns_id From dns.id;
    Transform rm_client_from_dns_resp;
};

Transform rm_client_from_http_resp1 {
    Match (http_rq);
    Match (addr) Insert (not_rq);
    Match (not_rq,client);
};

Transform rm_client_from_http_resp2 {
    Match (not_rq,client);
};

Pdu http_pdu Proto http Transport tcp/ip {
    Extract addr From ip.addr;
    Extract port From tcp.port;
    Extract http_rq From http.request.method;
    Extract http_rs From http.response;
    Extract host From http.host;
    Extract client From ip.src;
    Transform rm_client_from_http_resp1;
//    Transform rm_client_from_http_resp2;
};

Gop dns_req On dns_pdu Match (addr, addr, dns_id) {
    Start (dns_resp=0);
    Stop (dns_resp=1);
    Extra (host, client);
};

Gop http_req On http_pdu Match (addr, addr, port, port) {
    Start (http_rq);
    Stop (http_rq);
    Extra (host, client);
};

//Transform start_cond {
//    Match (attr1=aaa, attr2=bbb) Insert (msg_type=start);
//    Match (attr3=www; attr2=bbb) Insert (msg_type=start);
//    Match (attr5^a ) Insert (msg_type=stop);
//    Match (attr6$z ) Insert (msg_type=start);
//};

//Pdu pdu … {
//    …;

Done;

Good luck,

Brian

answered 06 Jan '11, 12:53

lanlord

edited 12 Feb '16, 09:28

cmaynard ♦♦