https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16447
Jim Young <jyo...@gsu.edu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jyo...@gsu.edu
--- Comment #9 from Jim Young <jyo...@gsu.edu> ---
Here's some of my observations about running the sshdump extcap on macOS.
I always start Wireshark via macOS Terminal window.
I've gotten in the habit of shutting down and restarting after one use of the
sshdump extcap.
My first attempt to run the sshdump extcap will generally be successful. But
rather than double-click, I always click on the sshdump's gear icon to open the
"Interface Options: SSH remote Capture: sshdump" dialog box, enter or verify
various values and then press [Start].
After closing the capture file, if I attempt to run sshdump a second time I
will generally see two copies of the following message in the Terminal window
and Wireshark will be hung requiring it to be force terminated.
> (process:39403): GLib-WARNING **: In call to g_spawn_sync(), exit status of a
> child process was requested but ECHILD was received by waitpid(). Most likely
> the process is ignoring SIGCHLD, or some other thread is invoking waitpid()
> with a nonpositive first argument; either behavior can break applications
> that use g_spawn_sync either directly or indirectly.
Increasing the console.log.level in the Preferences -> Advanced from the
default value of 28 to 255 will reveal that above GLib-WARNING message occur
after:
> 23:37:53.323 Capture Dbg spawn_sync:
> '/Applications/Wireshark.app/Contents/MacOS/extcap/sshdump' '--extcap-config'
> '--extcap-interface' 'sshdump'
Interestingly even if I have not configured the sshdump extcap, if I simply
double-click on the sshdump extcap from the Welcome screen it will start but it
will not capture anything nor timeout. When I click Stop button I get an Error
dialog that states:
> (!) Unexpected error from select: Interrupted system call! [OK]
Clicking [Ok] will dismiss that dialog only to reveal s second error dialog
that states:
> (!) Error by extcap pipe: ** (process:12345): **: Invalid Port: 0 [OK]
If I to shutdown Wireshark or if I try to start sshdump again Wireshark will
hand necessitating a Force Quit.
There's also the wlandump extcap available at:
https://github.com/adriangranados/wlan-extcap
The wlandump extcap calls the sshdump extcap with the curious additional
behavior that after one successful remote wifi capture and shutdown of
Wireshark the spawned sshdump process initiated by the wlandump extcap will
still be running.
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
