This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

‘mate failed to configure’ when starting with web.mate enabled

0

Has anyone run into any problems with web.mate? I'm running Windows 7 64 bit with the 64 bit Wireshark v1.4.1. The mate plugin is loading fine. I have loaded up tcp.mate without any errors. When I start up Wireshark with web.mate enabled I get this error:

c:usersMEwireshark_mateweb.mate at line 1: Syntax Error before web.mate

The permissions, directory path and attributes of the web.mate file are identical to those of tcp.mate which loads without any problems. I downloaded both files at the same time, using the same browser. I downloaded web.mate a couple of times to be sure something didn't get corrupted in the download and the file is identical each time.

I downloaded the web.mate file from the wireshark wiki so it isn't that I have some one-off version with some random edits. http://wiki.wireshark.org/Mate/Tutorial?action=AttachFile&do=view&target=web.mate

asked 12 Nov '10, 10:08

devrick0's gravatar image

devrick0
1333
accept rate: 0%

edited 14 Nov '10, 05:24

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245

One Answer:

0

It looks like the format of these files have changed, so the example given does not work. http://www.wireshark.org/lists/wireshark-users/200708/msg00071.html

After a lot of trial and error, I came up with one that seems to work. I was looking for the ability to add a column that has the full time for each web page request, and it looks like it works. Here's what I came up with:

Pdu tcp_pdu Proto tcp Transport ip {
    Extract addr From ip.addr;
    Extract port From tcp.port;
    Extract tcp_start From tcp.flags.syn;
    Extract tcp_stop From tcp.flags.reset;
    Extract tcp_stop From tcp.flags.fin;
};

Gop tcp_ses On tcp_pdu Match (addr, addr, port, port) {
Start (tcp_start=1);
Stop (tcp_stop=1);
};


Transform rm_client_from_dns_resp {
Match (dns_resp=1, client) Insert (dns_resp=1);
};


Pdu dns_pdu Proto dns Transport ip {
Extract addr From ip.addr;
Extract dns_resp From dns.flags.response;
Extract host From dns.qry.name;
Extract client From ip.src;
Extract dns_id From dns.id;
Transform rm_client_from_dns_resp;


};


Transform rm_client_from_http_resp1 {
Match (http_rq);
Match (addr) Insert (not_rq);
Match (not_rq,client);
};


Transform rm_client_from_http_resp2 {
Match (not_rq,client);
};


Pdu http_pdu Proto http Transport tcp/ip {
Extract addr From ip.addr;
Extract port From tcp.port;
Extract http_rq From http.request.method;
Extract http_rs From http.response;
Extract host From http.host;
Extract client From ip.src;
Transform rm_client_from_http_resp1;
//  Transform rm_client_from_http_resp2;


};


Gop dns_req On dns_pdu Match (addr, addr, dns_id) {
Start (dns_resp=0);
Stop (dns_resp=1);
Extra (host, client);
};


Gop http_req On http_pdu Match (addr, addr, port, port) {
Start (http_rq);
Stop (http_rq);
Extra (host, client);
};


//Transform start_cond {
//       Match (attr1=aaa, attr2=bbb) Insert (msg_type=start);
//       Match (attr3=www; attr2=bbb) Insert (msg_type=start);
//       Match (attr5^a ) Insert (msg_type=stop);
//       Match (attr6$z ) Insert (msg_type=start);
//};


//Pdu pdu …  {
//     …;


Done;

Good luck,

Brian

answered 06 Jan ‘11, 12:53

lanlord's gravatar image

lanlord
1
accept rate: 0%

edited 12 Feb ‘16, 09:28

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142