I have added a few printf statements in my custom dissector code for debugging, and when I execute Wireshark, the printf statements are not getting printed on the Linux console. I am using Wireshark version 1.10.5 and executing on the Linux platform. Earlier I used Wireshark version 1.6.1 and there it used to work fine. I also tried adding printf statements in some of the standard dissector code and found that none of them is printing. I am not sure what went wrong; is there anything I am missing? Request your suggestion/help on the same.
asked 28 Apr '14, 07:50 Kiran Kumar G
One Answer:
Check the Wiki.
answered 29 Apr '14, 04:59 Jaap ♦
Hi Jaap
Thanks for the answer, I tried the link provided by you. But, in case of Linux, if we add printf's then it should print on the console. The problem here is nothing is getting printed, even we tried adding printf's in the Wireshark base code downloaded without any modifications, but, nothing printed on console.
Is any configuration required to get the printf statements printed on the console?
Request your suggestion. Thank you.
Wireshark is a GUI application; on UN*Xes, GUI applications can generally be run either from the command line or the GUI.
If you run them from the command line, the standard output and standard error will be sent to your terminal unless you redirect them.
If you run them from the GUI, however, the standard output and error go wherever the GUI happens to send them.
Are you running Wireshark from the command line or not?
Hi Harris
We are executing Wireshark from command line and still we are not able to see the printf statements on the console.
One more thing we observed is that we downloaded Wireshark version 1.10.5 and 1.10.8. Added printf statements in plugin folder under ethercat dissector and found that printf worked in 1.10.8 and not in 1.10.5.
Request your suggestion. Thank you.
So you're typing "wireshark", possibly with command-line arguments, at a shell prompt?
What happens if you run "wireshark", with just the argument "-v", from a shell prompt? Does it print the Wireshark version information?
We are typing wireshark without any arguments from the command line as below.
[[email protected] wireshark-1.10.5]# /usr/local/bin/wireshark
Below is the output when we execute "wireshark -v" from the command line.
===================================================================
[[email protected] wireshark-1.10.5]# /usr/local/bin/wireshark -v
wireshark 1.10.5 (SVN Rev Unknown from unknown)
Copyright 1998-2013 Gerald Combs [email protected] and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.18.9, with Cairo 1.8.8, with Pango 1.28.1, with GLib 2.22.5, with libpcap, with libz 1.2.3, with POSIX capabilities (Linux), with libnl 1, without SMI, without c-ares, without ADNS, without Lua, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP, without PortAudio, without AirPcap.
Running on Linux 2.6.32-71.el6.x86_64, with locale en_US.UTF-8, with libpcap version 1.0.0, with libz 1.2.3, GnuTLS 2.8.5, Gcrypt 1.4.5. Intel(R) Xeon(R) CPU W3520 @ 2.67GHz
Built using gcc 4.4.4 20100726 (Red Hat 4.4.4-13).
==================================================================
Thank you
Is /usr/local/bin/wireshark where your changed and compiled wireshark executable resides? Usually that's the location of the installed one from the distribution, whereas your changed one is in whatever directory you have the source code in and ran make from (or did you do make install?). To run the locally compiled one, go into the source code's directory and do ./wireshark instead of wireshark.
Yes, we did make and make install, so we used to run /usr/local/bin/wireshark. This is the path which consists of the executable that we have built and installed.
Huh. Well it works for me all the time, as I use it for wireshark debugging a lot. Maybe try fprintf(stderr, ...) or to stdout, instead of printf().
But really printf should work - it's used to print the version output, when you run tshark -v or wireshark -v. So go into tshark.c and change the show_version() function's printf string by adding some words or something, recompile, and then run tshark -v ... then if you don't see the changes, you'll know you're not running the executable you compiled. Or go into ui/gtk/main.c and change the show_version() function in that, and after compiling run wireshark -v to try the same thing but for wireshark instead of tshark.
Are you sure your dissector gets called?
We tried the suggestions provided by Hadriel and it works fine, whatever printf statements we add inside the functions in file present under Wireshark base folder works fine. As our dissector was added inside the plugins folder, we observed that printfs are not working if we add under this folder.
We even tried to add printf under some of the default dissector functions like ethercat present under plugins folder (in a plain downloaded code v1.10.5 - without our changes) and it didn't work. Not sure what could be the issue.
@Anders: Yes, our dissector gets called and dissects the packets perfectly, but fails to print on the console using printfs.
Did you do make install to run your plugin, if so did you do make install after adding the printfs?
Yes, we did "make" and "make install" after adding the printfs.
ldconfig?
log off/log on?
What is log off/log on? Can you please let me know?
Log off the system; on occasion I have seen that the new executable isn't run as you'd expect...
We tried both "ldconfig" and log off and log on the system, but no luck, printfs not working.