First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Field.new("diameter.CC-Request-Type") recognized in Window but not in Linux tshark

Hi,

I run the following in LUA script. It works with Windows' tshark 3.0.5, but not with Linux (3.0.5 or 3.1.0).

dia_CC_Request_Type_extractor = Field.new("diameter.CC-Request-Type")
dia_result_code_extractor = Field.new("diameter.Result-Code")

$ ./tshark -q -r 1_rar.pcap -Xlua_script:diameter_stats_pcrf.lua
tshark: Lua: Error during loading:
diameter_stats_pcrf.lua:19: bad argument #1 to 'new' (Field_new: a field with this name must exist)
$

$ ./tshark -version
TShark (Wireshark) 3.1.0 (v3.1.0-0-g414ca80b2168)

Copyright 1998-2019 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later https://www.gnu.org/licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with libpcap, without POSIX capabilities, without libnl, with GLib 2.56.1, with zlib 1.2.7, without SMI, without c-ares, with Lua 5.1.4, without GnuTLS, with Gcrypt 1.5.3, without Kerberos, without MaxMind DB resolver, without nghttp2, without brotli, with LZ4, without Snappy, with libxml2 2.9.1.

Running on Linux 3.10.0-1062.el7.centos.plus.i686, with 1858 MB of physical memory, with locale en_US.UTF-8, with libpcap version 1.9.1 (with TPACKET_V3), with Gcrypt 1.5.3, with zlib 1.2.7, binary plugins supported (0 loaded).

Built using gcc 4.8.5 20150623 (Red Hat 4.8.5-39). $

Please help to solve my problem.

Thanks, Januar

januar's avatar
1
januar
asked 2019-10-23 11:46:52 +0000
cmaynard's avatar
11.1k
cmaynard
updated 2019-10-23 16:45:24 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

with Lua 5.1.4
I'm not sure if this is relevant to the problem or not, but my version of Wireshark on Windows uses Lua 5.2.4. According to the Wireshark Support_library_version_tracking wiki page, Lua 5.1 should still be supported, but perhaps there's a bug with Lua 5.1.4 that prevents things from working as expected? If possible, can you try upgrading to a newer version of Lua?

cmaynard's avatar
11.1k
cmaynard
answered 2019-10-23 17:02:10 +0000
edit flag offensive 0 remove flag delete link
more

Comments

I upgrade the lua into 5.2.4, but still doesn't work.

[januarvs@localhost testrun]$ ./tshark -version TShark (Wireshark) 3.0.5 (Git commit 752a55954770)

Copyright 1998-2019 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with libpcap, without POSIX capabilities, without libnl, with GLib 2.56.1, with zlib 1.2.7, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2.4, with GnuTLS 3.3.29, with Gcrypt 1.5.3, without Kerberos, without MaxMind DB resolver, without nghttp2, with LZ4, with Snappy, with libxml2 2.9.1.

Running on Linux 3.10.0-1062.el7.centos.plus.i686, with 1858 MB ... (more)

januar's avatar januar (2019-10-24 02:24:20 +0000) edit
more
  • delete

It maybe my mistake. I run at ./run directory and succeed. What files need to copy manually if ninja rpm-package doesn't work?

januar's avatar januar (2019-10-24 04:27:00 +0000) edit
more
  • delete

Well, in this case it seems like the diameter dissector was disabled for some reason, so some diameter-related files weren't installed? If you can confirm this, maybe open a bug report against this so it can be tracked and fixed.

cmaynard's avatar cmaynard (2019-10-24 14:43:48 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer