Wireshark-dev: [Wireshark-dev] tshark bug(s) with option -z smb,sids
From: Justin Heath <justin.heath@xxxxxxxxx>
Date: Tue, 27 Jan 2009 16:39:14 -0500
When trying to use the tshark option "-z smb,sids" I receive the
following output to stderr if smb.sid_name_snooping is not set.

The -z smb,sids function needs SMB/SID-Snooping to be enabled.
Either enable Edit/Preferences/Protocols/SMB/Snoop SID name mappings
in wireshark
or override the preference file by specifying
  -o "smb.sid_name_snooping=TRUE"
on the tshark command line.

However, if I follow the syntax provided I receive the following error.

tshark: Invalid -o flag "smb.sid_name_snooping=TRUE"

It appears the correct syntax is "-o flag smb.sid_name_snooping:TRUE"
(minus quotes) (the man page specifies this syntax). So, this gets me
past the syntax problem, however, now I get the following error.

SMB SID List:

(process:26003): GLib-CRITICAL **: g_hash_table_foreach: assertion
`hash_table != NULL' failed

I'm using CentOS 5 with wireshark 1.0.3-4.


If anyone has a workaround, solution or patch it would be appreciated.

Cheers,
Justin