Wireshark-dev: Re: [Wireshark-dev] - Re: WireShark + LUA
From: "Verriere Joseph" <j.verriere@xxxxxxxxxxxx>
Date: Mon, 5 Mar 2007 10:22:17 +0100
I know that there's only little confidential information but it's my boss who told me he didn't want to, he knows better than me the agreements made with the operators so there might be something telling that we have to keep the captures inside the society. I'll ask him again to be sure.

I tried to isolate the packet on which it crashed and it hasn't crashed. With the capture file which hasn't the packet on which it crashed, it crashed at the same number of packet as before (956).

And what is a "backtrace of the stack"?

Thx
Joseph

-----Message d'origine-----
De : wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx]De la part de Luis Ontanon
Envoyé : lundi 5 mars 2007 10:05
À : Developer support list for Wireshark
Objet : [SPAM] - Re: [Wireshark-dev] [SPAM] - Re: WireShark + LUA -
Email found insubject - Email found in subject


Well, there's little confidential information in H.248 as far as no
BICC/SIP/H323 traffic is seen there's no way to trace back a call to a
specific user just from Megaco. I been a troubleshooter on "split"
telephony systems for quite few years already and one of the hardest
things you have to deal while troubleshooting MGws is that there's no
way to know which call belongs to which user without interrogating the
MGC.

You could filter h248 away from the capture and see if that crashes.

However you can do few things:

You can give me a backtrace of the stack at the moment it crashes. (To
know where it crashes can *really* help).

try to get tshark to crash, isolate the one packet on which the crash
occurred and see if it crashes "by itself".



On 3/5/07, Verriere Joseph <j.verriere@xxxxxxxxxxxx> wrote:
> Hi,
>
> I installed the last version: build 20973 and it crashes the same way.
> Trying to debug, the part of my code which crashes is the one I gave you:
>
> local numFrames = Field.new ("h248.ctx.cmd")
>
> local extract_com = Listener.new()
>
> function extract_com.packet(pinfo, Tvb)
>
>          local frames = { numFrames() }
>
> end
>
> I'm sorry but I can't send you the capture file because of confidentiality. I'm working for a society whichs works with phone companies and this capture comes from one of them.
> I hope you can still help me.
>
> Joseph Verrière
>
> -----Message d'origine-----
> De : wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx]De la part de Luis Ontanon
> Envoyé : dimanche 4 mars 2007 17:03
> À : Developer support list for Wireshark
> Objet : [SPAM] - Re: [Wireshark-dev] WireShark + LUA - Email found in
> subject
>
>
> Before sending in a huge file can you try a buidbot build >= 20972
> from http://www.wireshark.org/download/automated/
>
> I checked in a fix that might solve your issue.
>
> Luis
>
> On 3/4/07, Luis Ontanon <luis.ontanon@xxxxxxxxx> wrote:
> > As I'm the one that wrote both the Lua interface and a good part of
> > the h248 dissector I think I can help you...
> >
> > There are probably two bugs that cause this crash: one I know already
> > regarding the way rethrown exceptions are mis-handled in windows which
> > is the cause of the actual crash. I'm still deciding how to approach
> > this: either I remove the code that rethrows exceptions or modify the
> > way exceptions are handled. This is not going to be fixed soon.
> >
> > And there's probably another one triggered by your code. For that I
> > need two things from you the lua code and the capture file that
> > triggered the crash.
> >
> >
> > BR
> > Luis
> >
> > On 2/27/07, Verriere Joseph <j.verriere@xxxxxxxxxxxx> wrote:
> > > Hello,
> > >
> > > I'm trying to use LUA but I get a bug on Tshark when I launch my program.
> > > I do this:
> > > local numFrames = Field.new ("h248.ctx.cmd")
> > >
> > > local extract_com = Listener.new()
> > >
> > > function extract_com.packet(pinfo, Tvb)
> > >
> > >         local frames = { numFrames() }
> > >
> > > end
> > >
> > > There, without doing anything with frames, I get an error but not at the beginning but after a while (about 1000 frames from a capture file which has more than 175000 of them). I get an error in a window which tells me that TShark has encountered a problem and must shut down. If I launch the debug program, I get in Visual C++ and I get the message: unhandled exception.
> > >
> > > Can someone help me?
> > >
> > > Thanks
> > >
> > > ----------------------------------------------------------------------------------------------------
> > >
> > > Ce message et tout document joint sont confidentiels et à l'intention exclusive des destinataires. S'ils vous ont été adressés par erreur, merci d'en informer immédiatement l'expéditeur et de les détruire. Toute copie, diffusion ou utilisation non autorisée est interdite. Tout message électronique est susceptible d'altération : Astellia décline toute responsabilité si le message ou les documents joints ont subi une quelconque modification.
> > >
> > > This message and any attachment are confidential and intended solely to its addressees. If you are not the intended recipient please cancel it and inform immediately the sender. Any unauthorised copy or dissemination is prohibited. Electronic messages may be altered: Astellia shall not be liable for those circumstances.
> > >
> > > ----------------------------------------------------------------------------------------------------
> > >
> > >
> > > _______________________________________________
> > > Wireshark-dev mailing list
> > > Wireshark-dev@xxxxxxxxxxxxx
> > > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> > >
> >
> >
> > --
> > This information is top security. When you have read it, destroy yourself.
> > -- Marshall McLuhan
> >
>
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev