Wireshark-users: Re: [Wireshark-users] Debugging Wireshark dissector plugins

From: sean bzd <seanbzd@xxxxxxxxx>
Date: Wed, 13 Jan 2010 12:28:12 -0500
Thanks so much for all the responses. Like wsgd suggested, I used tshark to open the capture, identify which packet is causing the issue and looked at my dissector code to find the issue. I'm able to resolve it now. I'll also try the other methods suggested so that I can use them next time, if appropriate.

Thanks Again,
Sean.

On Tue, Jan 12, 2010 at 2:12 PM, Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx> wrote:

On Jan 12, 2010, at 11:52 AM, sean bzd wrote:

> I asked a similar question before but got no response. Can someone please provide some direction?

You should probably ask this on wireshark-dev@xxxxxxxxxxxxx (after subscribing to that list) as that is for development issues.  A lot of the same folks hang out on both of these lists though.

> Problem:
> I have a custom dissector and works fine most of the time; but sometimes, when I load the network capture containing packets (that the dissector is supposed to understand), the Wireshark application just hangs. The CPU consumption goes to 50% and stays there...it is as if it is in a tight loop. I'm using version 1.2.2 but same happens with different versions of wireshark; I know that the problem is in the dissector because if I remove the dissector plugin, wireshark is able to load the capture file. But i need some direction on how to proceed forward. Can i put some printfs in the dissector or elsewhere? Any other ideas?

Which operating system are you developing on?  The first thing I would try would be to run Wireshark in a debugger for your OS and break out of it when it seems to be stuck in a loop and look at the stack trace.  Unfortunately, no one has had a chance to add many details to the developer's guide on debugging (http://www.wireshark.org/docs/wsdg_html_chunked/ChSrcDebug.html), but we can probably help on the wireshark-dev mailing list once we know your operating system.


Steve

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe