Wireshark-bugs: [Wireshark-bugs] [Bug 12590] New: tshark does not display QUIC information while

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 07 Jul 2016 13:19:09 +0000
Bug ID 12590
Summary tshark does not display QUIC information while WIRESHARK does
Product Wireshark
Version 2.1.x (Experimental)
Hardware x86
OS Mac OS X 10.11
Status UNCONFIRMED
Severity Major
Priority Low
Component TShark
Assignee [email protected]
Reporter [email protected] 

Created attachment 14707 [details]
QUIC session capture. Wireshark dispalays it correctly.

Build Information:
TShark (Wireshark) 2.1.0 (v2.1.0-0-g46f9217 from master)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, with GLib 2.36.0,
with zlib 1.2.5, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, with GnuTLS
2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP.

Running on Mac OS X 10.11.5, build 15F34 (Darwin 15.5.0), with locale
en_US.UTF-8, with libpcap version 1.5.3 - Apple version 54, with GnuTLS
2.12.19,
with Gcrypt 1.5.0, with zlib 1.2.5.
      Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz (with SSE4.2)

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).

--
Hello,
I'm trying to analyze QUIC traffic and tried Wireshark 2.1.0 with QUIC
dissector on MAC El Capitan - it works great. The issue I'm having is with
using tshark. When setting it to display QUIC fields it does not print
information related to QUIC to stdio and when I tried "-w file" it writes this
only line and exits:

\M<+????????8TShark (Wireshark) 2.1.0 (v2.1.0-0-g46f9217 from
master)\,q???????? ,zie@iezs-MBP:~/PXPRS/tests$

It is empty when opened with wireshark. 


The tshark command i'm using is this:
sudo tshark -r test.pcap -w test.out -d "udp.port==12346,quic" -T fields -e
udp.srcport -e quic.tags

It does print everything related to the legacy protocols - udp, tcp, http etc.
tshark also complains on some missing libraries when trying sudo tshark -D:

dyld: Library not loaded: @rpath/libssh.4.dylib Referenced from:
/Applications/Wireshark.app/Contents/MacOS/extcap/ciscodump Reason: image not
found
dyld: Library not loaded: @rpath/libssh.4.dylib Referenced from:
/Applications/Wireshark.app/Contents/MacOS/extcap/sshdump Reason: image not
found

You are receiving this mail because:
  • You are watching all bug changes.