Wireshark-dev: Re: [Wireshark-dev] wireshark and usb

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 04 Dec 2006 01:15:38 -0800
Adam Sulmicki wrote:

folks,
 	Here are my observations from trying out wireshark on usb devices.
 	Just FWIW.
Both of those are libpcap bugs, so I'm CCing Paolo Abeni, the author of the libpcap USB-capture-on-Linux support code, in case he didn't see this. 


1) capture -> Interfaces, gives me :

 	        Can't get list of interfaces: can't open raw by socket 97:
 		Rodzina adresw nie obsugiwana przez protok
That's actually an error in the code to enumerate *Bluetooth* interfaces. Does your machine have any Bluetooth interfaces? That error (97) is "Address family not supported by protocol", and is returned by a 

	socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI)
call - Paolo, would you get that error if, for example, Bluetooth support weren't configured into the kernel, or if you have no Bluetooth devices? If so, libpcap should probably treat EAFNOSUPPORT as an indication that there aren't any Bluetooth devices, rather than an error. 


         Once I press OK, windows disappears and I get no list
         However, it works to do :

         Capture -> Options -> enter "USB4" -> Start
That probably means that the libpcap code to enumerate USB interfaces isn't finding your interface. What are the contents of the /sys/kernel/debug/usbmon directory on your machine? 


         (but it is still accompanied by above error)


2) stop of capture, I get this error :

         	Can't get packet-drop statistics:
 		Can't parse stat line 'nreaders 1 events 7614 text_lost 1918'
 		expected 2 token got 1

 	        Please report this to the Wireshark developers.
 		(This is not a crash; please do not report it as such.)


The libpcap code that gets the statistics is looking for a line of the form

	nreaders {N} text_lost {M}
and can't handle the "events {N}" in there. It might need to do the parsing directly, rather than using sscanf(), in case different versions of the kernel code put different information in there. 


3) s/w used in the above report :

distro			: fedora core 6
kernel                  : 2.6.18 vanilia
libpcap                 : cvs for today (3rd dec 2006)
wireshark svn version   : 20033
 			./configure
 				--with-ssl
 				--with-pcap=/usr/local/pcap
 				--prefix=/usr/local/wireshark

FWIW,
Adam



PS: I read the list via web archives, so courtesy CC makes replying
     (if any) much easier, and preserves In-Reply-To tag.
I read the list via Boring Old E-mail, so sending me a courtesy CC means I get two copies when one would suffice (i.e., sending a courtesy CC by default is not always the right thing); however, as you explicitly asked for a copy, I'll send one.