I'd like to copy my collection of Profiles from my main machine to all the other machines where I run Wireshark (home, office, laptops, VMs ...)

And I've done that -- copied it to an OS X laptop. Wireshark loads ... but the Profile menu in the lower right-hand corner isn't visible. And when I start capturing, I can see nothing but the top menu bar: no packets scrolling by ... I can access the menus, stop and restart capture and so forth, but at no time do I see packets ... the Wireshark window displays a dismal, uniform grey, with no features anywhere, other than the menu choices at the top.

I've tried converting the contents of ~/.wireshark as follows:

    cd .wireshark
    find . | xargs dos2unix

No change in Wireshark GUI behavior.

I've tried reverting to the original .wireshark folder, then copying a single Profile over. That works ... Wireshark remains functional ... but as soon as I select that profile and start capturing, I return to the 'dismal grey screen'.

Is anyone else sharing Profiles between different operating systems?

--sk

Stuart Kendrick

asked 01 Jul '14, 11:45 skendric
One Answer:
OK, your pointer to the gui.* preferences has helped me make progress.

When I unzip my .wireshark.tar.gz file, I get ../profiles/{whatever}/recent files of course. They start out looking like this (I've deleted the comment lines for ease-of-reading):

    gui.toolbar_main_show: TRUE
    gui.filter_toolbar_show: TRUE
    gui.wireless_toolbar_show: FALSE
    gui.airpcap_driver_check_show: TRUE
    gui.packet_list_show: TRUE
    gui.tree_view_show: TRUE
    gui.byte_view_show: TRUE
    gui.statusbar_show: TRUE
    gui.packet_list_colorize: TRUE

OK, now I run Wireshark, select one of my profiles (ARP), and whoom, I see this dismal grey screen. Open ../profile/ARP/recent ... and I see the following:

    gui.toolbar_main_show: FALSE
    gui.filter_toolbar_show: FALSE
    gui.wireless_toolbar_show: FALSE
    gui.airpcap_driver_check_show: FALSE
    gui.packet_list_show: FALSE
    gui.tree_view_show: FALSE
    gui.byte_view_show: FALSE
    gui.statusbar_show: FALSE
    gui.packet_list_colorize: FALSE

If I quit Wireshark, change FALSE to TRUE, then re-open Wireshark, I see a normal screen, complete with toolbars and packet lists and so forth. And if I then switch to Default then back to ARP ... works fine -- those TRUE strings stay TRUE.

That being said, I'm still not seeing my customized columns nor Filters ... although I can clearly see them in ../profiles/{whatever}/preferences

[...]

OK, after some futzing, I'm going to claim that the problem relates to line termination. Here is the sequence of steps I need to take to get this to work:

    rm -rf .wireshark
    tar xvf wireshark-preferences.zip
    cd .wireshark
    find . | xargs dos2unix

And then I'm fine -- no 'dismal grey screen', customized columns are visible, customized Filters are visible, things look peachy.

I have filed Bug 10272 to propose enhancing Wireshark under OS X to be agnostic to line termination characters. [Wireshark under Linux is already agnostic -- I can copy .wireshark there without trouble.]

answered 10 Jul '14, 15:51 skendric
Are the Wireshark versions the same across your machines? Are the OSes the same? Have you tried restarting Wireshark after changing a profile? Also, note that 1.11.x versions would crash upon switching profiles (not sure if this also applied to 1.10.x), this is fixed in 1.12.x.
Regarding the 'dismal grey screen', can you check your preferences to see if you have "Update list of packets in real time" disabled? (It's under Edit -> preferences -> Capture). It seems like it might be disabled.

Other than that, you might want to check your preferences file and see which gui.* preferences have been changed from their default settings that might be causing the problem. (If a preference is set to its default value, it will be commented via #.) If possible, post your preference file, or at least the non-default preferences, so that someone can try to recreate what you're experiencing.
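Added example, not part of the original thread and not Wireshark's own code: a Python version of the cleanup described in the answer combined with the gui.* check suggested in the comment above, usable on any OS without dos2unix. It rewrites CRLF as LF under a copied configuration directory and lists the gui.*_show keys left at FALSE in each profile's recent file; the function names and the sample profile contents are constructed for illustration.

```python
import os
import tempfile

def normalize_file(path):
    """Rewrite CRLF as LF in place; return True if the file was changed."""
    with open(path, "rb") as fh:
        data = fh.read()
    if b"\0" in data or b"\r\n" not in data:  # skip binary and already-clean files
        return False
    with open(path, "wb") as fh:
        fh.write(data.replace(b"\r\n", b"\n"))
    return True

def hidden_panes(recent_path):
    """Return the gui.*_show keys set to FALSE in a profile's 'recent' file."""
    hidden = []
    with open(recent_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            # Comment lines start with '#', so they never match the gui. prefix.
            key, sep, value = (part.strip() for part in line.partition(":"))
            if sep and key.startswith("gui.") and key.endswith("_show") and value.upper() == "FALSE":
                hidden.append(key)
    return hidden

def repair(config_dir):
    """Normalize every file under config_dir, then report hidden panes per profile."""
    converted, hidden = [], {}
    for root, _dirs, files in os.walk(config_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, config_dir).replace(os.sep, "/")
            if normalize_file(path):
                converted.append(rel)
            keys = hidden_panes(path) if name == "recent" else []
            if keys:
                hidden[rel] = keys
    return sorted(converted), hidden

def build_sample(base):
    """Constructed sample: one profile copied from a CRLF system, pane keys at FALSE."""
    profile = os.path.join(base, "profiles", "ARP")
    os.makedirs(profile)
    with open(os.path.join(profile, "recent"), "wb") as fh:
        fh.write(b"# Recent settings\r\ngui.packet_list_show: FALSE\r\n"
                 b"gui.statusbar_show: FALSE\r\ngui.packet_list_colorize: TRUE\r\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(repair(build_sample(tmp)))
```

Run it against the copied directory while Wireshark is closed; keys it reports as FALSE still have to be set back to TRUE by hand, as the answer describes.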