Hi all, I'm using Wireshark 1.10. I put all the source code on the server and then I build:

- cd /trunk_1.10
- make clean
- ./autogen.sh
- ./configure
- make
- make install

In packet-camel.c, I removed all of my print functions and added more fprintf calls to log. But after doing this, I realized that none of the modifications had been applied, even though there was nothing wrong while compiling. So I changed tshark.c and I could see the difference. But with packet-camel.c, all the modifications were ignored. I have built Wireshark many times but never faced this case. I don't know why, or how to check what's happening. Please share if you have any experience. Thank you so much.

asked 03 Apr '14, 04:39 hoangsonk49
2 Answers:
Are you sure that you're running the version you've compiled and are you sure it's loading the plugin you've compiled? Have you followed the instructions in the Developers Guide for running your compiled version: http://www.wireshark.org/docs/wsdg_html_chunked/ChSrcRunFirstTime.html#ChSrcRunFirstTimeUnix

answered 03 Apr '14, 05:01 grahamb ♦
What is the output of the following command?
BTW: From your other questions I know that you are running tshark 'in the background' for several hours/days. You did not have a tshark process running while you ran 'make install', did you? If that was the case, the make process would have been unable to overwrite the tshark binary and thus you are getting the old version. Please run the following commands to install the binary (only in your case ;-))
Regards

answered 04 Apr '14, 11:05 Kurt Knochner ♦

Hi Kurt, here is the output of which tshark

Before running "make install", I had already killed the tshark process (ps -ef|grep tshark AND kill -9) and then ran "make clean". I also tried "make uninstall", then removed all the source, untarred the source code again and compiled, but the problem is still there. With this source code, I also ran on another server and nothing was wrong. One clue: on the running server, we previously installed this source code (version-1). After that, we changed the code (version-2), and now, according to the log, when we run "nohup /usr/src/cs/Trunk-1.10/tshark -i 2 -P -w /tmp/Log.pcap -b filesize:655350&" => it is version-2. But if we run "nohup tshark -i 2 -P -w /tmp/Log.pcap -b filesize:655350&" => it is version-1. Is there any problem with a system issue while using different accounts? In my opinion, it is not a software issue; it should be a problem of the OS. (05 Apr '14, 02:17) hoangsonk49
did you double check that all tshark processes have been killed before you ran Please run the following commands and post the output and the generated file somewhere.
(05 Apr '14, 13:24) Kurt Knochner ♦

Thanks, Kurt. Problem solved. I just built an .rpm file on another server. My system engineer re-installed the OS and used the .rpm to install. Now, code changes are applied. I don't know the reason exactly but finally, it works. Thanks for your comments. (07 Apr '14, 01:18) hoangsonk49

In addition, I tried to change the code again and build the rpm file, then asked the system engineer to re-install the new rpm file. Thank god, everything is going the right way. (07 Apr '14, 01:20) hoangsonk49
Hi, I don't use Wireshark. I use only tshark and dissectors (packet-camel). Before today, I could build successfully on my server and it ran well. Then I copied all the source code to another server. I could also build without any errors and it ran well. Today, I needed to debug and commented out all the prints in packet-camel.c but didn't see any effect after building. I changed tshark.c and saw the modification. I changed packet-camel.c again with more modifications and removed all my print functions, but they are NOT applied after building. I didn't do any loading or install a new plugin. I just copied the source from one server to the other. Thanks for the help.
The principle is the same for tshark: you have to ensure you're running the compiled version and it's loading the compiled plugin.
Yes, I'm sure it is the compiled version, by checking the commands:

- which tshark
- ls -lrt /usr/local/bin/tshark

So I can see the time of this file is updated. Also the version I changed in tshark is modified. As I said, tshark.c was changed but packet-camel.c was NOT.
packet-camel.c is an automatically-generated file - are you sure your changes aren't being overwritten during the make process? They shouldn't be - it's one of the ones generated from asn1 and as far as I know those only get overwritten when specifically told to do so, not every time; but maybe something's weird in your setup?

Did you do ldconfig after install?

After installing, I checked packet-camel.c and was able to see the changes. I have not done ldconfig after install.
Have you tried just putting some completely invalid C-code in packet-camel.c, something that should make the compiler error? That way you can at least see if it's compiling the same file you're editing.

Sometimes it changes, sometimes NOT. I tried 20 times and it could be caused by the account. I'm not sure but I'm testing. I have both the root and develop accounts. With these accounts, I copied, changed, built .... but I don't remember exactly how I used them with this source code, but I can see the modification applied when I change account; sometimes it takes effect, sometimes not. I'm still testing. But if you have any experience with this clue, please share with me. Thanks.
Hi all, I found the root cause but still have not found the solution. The root cause is: after installing (make install), the changes are applied only if running the tshark at /Trunk-1.10/tshark. It means all other running tshark does not make any sense. So if I run "nohup /usr/src/cs/Trunk-1.10/tshark -i 2 -P -w /tmp/Log.pcap -b filesize:655350&" ==> It works. But if I run "nohup tshark -i 2 -P -w /tmp/Log.pcap -b filesize:655350&" ==> Nothing is applied, even though I could see the change in tshark.c, but the other libs are not. I don't know why but truly, the "make install" didn't work. Is there any way to install the new compile instead of using "make install", or any way to check that "make install" has just installed my new compile?
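
Added example, not part of the thread and not from any of its participants: packet-camel.c is compiled into libwireshark rather than into the tshark executable, so a freshly installed tshark can still load an older libwireshark that the dynamic linker finds first. The sketch below reads `ldd` and `ldconfig -p` output to show which copy a given tshark binds to. The function names are hypothetical, the sample text is constructed, and `/usr/local` is assumed as the install prefix.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, sample data is constructed.

# Read `ldd <binary>` output on stdin; print the file that library $1 resolves to.
lib_from_ldd() {
    awk -v name="$1" 'index($1, name ".so") == 1 && $2 == "=>" { print $3; exit }'
}

# Read `ldconfig -p` output on stdin; print every cached path for library $1.
libs_in_cache() {
    awk -v name="$1" 'index($1, name ".so") == 1 { print $NF }' | sort -u
}

# Return 0 when path $1 lies under install prefix $2 (for example /usr/local).
under_prefix() {
    case "$1" in
        "${2%/}"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report which libwireshark the binary $1 loads and whether that copy is the
# one "make install" wrote under prefix $2. Returns 1 when it is not.
check_tshark() {
    bin=$1
    prefix=$2
    lib=$(ldd "$bin" | lib_from_ldd libwireshark)
    echo "binary: $bin"
    echo "loads:  ${lib:-<not resolved>}"
    echo "copies known to the linker cache:"
    ldconfig -p | libs_in_cache libwireshark | sed 's/^/  /'
    if ! under_prefix "$lib" "$prefix"; then
        echo "libwireshark is loaded from outside $prefix"
        return 1
    fi
}

# Constructed sample: a new tshark bound to a library from an earlier install.
SAMPLE_LDD='    libwireshark.so.3 => /usr/lib64/libwireshark.so.3 (0x00007f0000000000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000400000)'

# Constructed sample: two copies of the library in the linker cache.
SAMPLE_CACHE='2 libs found in cache
    libwireshark.so.3 (libc6,x86-64) => /usr/lib64/libwireshark.so.3
    libwireshark.so.3 (libc6,x86-64) => /usr/local/lib/libwireshark.so.3'

# On a real host: check_tshark "$(command -v tshark)" /usr/local
```

More than one path under "copies known to the linker cache" means an older install is still present, and the one `ldd` reports is the one that wins at run time.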