First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Problem with extcap preferences in TShark (Wireshark) 3.4.2

I have been using these 2 extcap plugins with Wireshark (from 3.0.8 to 3.2) without problems.

I recently updated Wireshark and I have the following problems:

C:\Users\hgir>"C:\Program Files\Wireshark\tshark.exe" "-l" "-n" "-T" "pdml" "-o" "extcap.cc2531.channel:11" "-i" "TI CC2531 802.15.4 packet sniffer"

** (tshark.exe:8004): WARNING **: No such preference "extcap.cc1352r1.com_port" at line 386 of
C:\Users\hgir\AppData\Roaming\Wireshark\preferences (save preferences to remove this warning)

** (tshark.exe:8004): WARNING **: No such preference "extcap.cc1352r1.op_band" at line 390 of
C:\Users\hgir\AppData\Roaming\Wireshark\preferences (save preferences to remove this warning)

** (tshark.exe:8004): WARNING **: No such preference "extcap.cc2531.channel" at line 398 of
C:\Users\hgir\AppData\Roaming\Wireshark\preferences (save preferences to remove this warning)

The preferences related to extcap plugins do not seem to work.

I use these preferences to change the channel in tshark, so I get the following error:

tshark: -o flag "extcap.cc2531.channel:11" specifies unknown preference

I have been reviewing the doc related to extcap in the new version but I did not find any clues.

Any ideas? Any site with advanced documentation or API changes?

P.S: I have access to the source code, so I can do modifications in the plugins or in the configuration.

hgiraldos's avatar
16
hgiraldos
asked 2021-01-18 07:51:33 +0000
grahamb's avatar
23.8k
grahamb
updated 2021-01-21 15:18:06 +0000
edit flag offensive 0 remove flag close merge delete

Comments

We don't close answers here, instead accept the most helpful answer by clocking the checkmark icon to the left of it.

grahamb's avatar grahamb (2021-01-24 17:44:02 +0000) edit
more
  • delete

Yes, I tried, but I need >50 points to accept my own answer and I do not have them, so I did not find any other way to finish this issue.

hgiraldos's avatar hgiraldos (2021-01-24 18:54:04 +0000) edit
more
  • delete
add a comment see more comments

2 Answers

0

Are the plugins actually loading, if not that might explain the lack of support for their preferences?

Does tshark -G plugins list your extcaps?

grahamb's avatar
23.8k
grahamb
answered 2021-01-18 08:46:05 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Yes it does.

ethercat.dll            0.1.0   dissector       C:\Program Files\Wireshark\plugins\3.4\epan\ethercat.dll
...
cc1352r1.exe            0.0.1   extcap  C:\Program Files\Wireshark\extcap\cc1352r1.exe
cc2531.exe              0.0.1   extcap  C:\Program Files\Wireshark\extcap\cc2531.exe

Actually,I can use the plugins in Wireshark UI, that's what I found most strange.

hgiraldos's avatar hgiraldos (2021-01-18 09:14:12 +0000) edit
more
  • delete

Then try printing the preferences, this will be huge so either filter with the tools of your choice or redirect to a file and look with an editor. Using PowerShell:

tshark -G currentprefs | Select-String cc2531
grahamb's avatar grahamb (2021-01-18 10:44:34 +0000) edit
more
  • delete

Yes it is present:

PS C:\Program Files\Wireshark> .\tshark.exe -G currentprefs | Select-String cc2531
extcap.cc2531.channel: 14

That means it is written in the configuration file, but I think tshark does not recognize it that is why it shows this warning:

** (tshark.exe:8004): WARNING **: No such preference "extcap.cc2531.channel" at line 398 of
C:\Users\hgir\AppData\Roaming\Wireshark\preferences (save preferences to remove this warning)
hgiraldos's avatar hgiraldos (2021-01-18 11:50:42 +0000) edit
more
  • delete

I'm not sure what's going on, maybe create a new profile in Wireshark to clean out old preferences, then pass that into tshark with -C.

There have been a few changes in the extcap interface that might explain the issue. Your extcaps use a manual method of constructing the output to describe the plugin options, whereas a common method is provided to do that in the current version of Wireshark, but it's not clear to me that the old manual method is wrong.

grahamb's avatar grahamb (2021-01-18 14:23:27 +0000) edit
more
  • delete

I've already tried it with clean profiles and it didn't work. If you have located the commits that may have caused the problem I can test them looking for the beginning of the problem and give a proposal for fixing it.

hgiraldos's avatar hgiraldos (2021-01-18 14:31:58 +0000) edit
more
  • delete
add a comment see more comments
0

To make extcap preferences work in TShark is necessary to add "currentprefs" to the command.

"C:\Program Files\Wireshark\tshark.exe" "currentprefs" "-l" "-n" "-T" "pdml" "-o" "extcap.cc2531.channel:11" "-i" "TI CC2531 802.15.4 packet sniffer"

This change was introduce in v3.0.0, commit 9c53ac0187.

Anyway, I will update the plugins at @grahamb suggested.

Edit: Fix has been merged.

hgiraldos's avatar
16
hgiraldos
answered 2021-01-21 17:08:18 +0000, updated 2021-01-24 17:31:09 +0000
edit flag offensive 0 remove flag delete link
more

Comments

That code is only called with the -G option to dump information.
Maybe tshark should call extcap_register_preferences() on startup like the GUI does in main.cpp ?

Chuckc's avatar Chuckc (2021-01-21 18:02:58 +0000) edit
more
  • delete

Yes, agree. I have done a merge request in wireshark's repository.

https://gitlab.com/wireshark/wireshar...

hgiraldos's avatar hgiraldos (2021-01-22 09:10:39 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer