Decoding functionality not available even after wireshark installation

Question

question

mjeyaram asked Apr 21, '10 mjeyaram posted Apr 21, '10

Decoding functionality not available even after wireshark installation

I am currently using

IxOS IxExplorer: 5.60550.3 EA-Patch1

iTest: 3.4

Wireshark: 1.0.99CAPWAP_0.0.1

My decode.bat is executable and has the right paths to tshark and text2pcap.

However, When I open the Ixia session, I still find that the decode functionality is not available.

Fanfare IxiaTraffic command interpreter. Copyright (c) 2005 - 2009, The Fanfare Group, Inc.

Using external tcl interpreter
tcl version: 8.4.14
tclsh location: C:/Program Files/Ixia/Tcl/8.4.14.0/bin/tclsh84.exe
tcl library: C:/Program Files/Ixia/Tcl/8.4.14.0/lib/tcl8.4
tcl package search path: C:/Program Files/Ixia/IxOS/5.60-EA-Patch1/TclScripts/lib {C:/Program Files/Ixia/Tcl/8.4.14.0/lib/tcl8.4} {C:/Program Files/Ixia/Tcl/8.4.14.0/lib}

Working platform: Windows

Checking location of 'ixTclHal.dll' in PATH: OK
    'ixTclHal.dll' found at 'C:\Program Files\Ixia\IxOS\5.60-EA-Patch1'

Loading Tcl package 'IxTclHal': OK
5.60

Loading Tcl package 'Scriptgen': OK
5.50

Checking packet decode functionality: WARNING
    Failed to decode sample packet: Premature end of file.
    Decoding functionality will be unavailable

iTest traffic generation Wireshark Ixia decode

10 |950

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2010-04-21T18:12:16Z

KumarS answered Apr 21, '10 KumarS posted Apr 21, '10

We create a temp file with some dummy packet contents. Look at the attached file.

You can create a shell, cd to iTest's installation dir and type:

decode.bat <path_to_attached_file> <path_to_output_file>

If this works, decoding will work in iTest.

packet.txt (201 B)

9

10 |950

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

mjeyaram commented · Apr 22, 2010 at 02:29 AM

Thanks for the prompt response Kumar. This is what I noticed.

The decode.bat did throw some decoded and meaning full data in the CLI as the command was getting executed. However, the output file did not have user readable data. Will attach it to this mail.

Console logs:

C:\Program Files\iTest_3.4>decode.bat c:/automation/packet.txt c:/automation/packet_decode.txt
Duplicate field detected in call to proto_register_field_array: capwap.version is already registered
<?xml version="1.0"?>
<pdml version="0" creator="wireshark/1.0.99CAPWAP_0.0.1">
<packet>
<proto name="geninfo" pos="0" showname="General information" size="64">
    <field name="num" pos="0" show="1" showname="Number" value="1" size="64"/>
    <field name="len" pos="0" show="64" showname="Packet Length" value="40" size="64"/>
    <field name="caplen" pos="0" show="64" showname="Captured Length" value="40" size="64"/>
    <field name="timestamp" pos="0" show="Apr 22, 2010 07:52:20.000000000" showname="Captured Time" value="1271902940.000000000" size="64"/>
</proto>
<proto name="frame" showname="Frame 1 (64 bytes on wire, 64 bytes captured)" size="64" pos="0">
    <field name="frame.time" showname="Arrival Time: Apr 22, 2010 07:52:20.000000000" size="0" pos="0" show="Apr 22, 2010 07:52:20.000000000"/>
    <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.time_delta_displayed" showname="Time delta from previousdisplayed frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.time_relative" showname="Time since reference or first frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.number" showname="Frame Number: 1" size="0" pos="0" show="1"/>
    <field name="frame.pkt_len" showname="Packet Length: 64 bytes" hide="yes" size="0" pos="0" show="64"/>
    <field name="frame.len" showname="Frame Length: 64 bytes" size="0" pos="0" show="64"/>
    <field name="frame.cap_len" showname="Capture Length: 64 bytes" size="0" pos="0" show="64"/>
    <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/>
    <field name="frame.protocols" showname="Protocols in frame: eth:lapbether" size="0" pos="0" show="eth:lapbether"/>
</proto>
<proto name="eth" showname="Ethernet II, Src: 00:11:22:33:11:11 (00:11:22:33:11:11), Dst: 00:11:22:33:22:22 (00:11:22:33:22:22)" size="14" pos="0">
    <field name="eth.dst" showname="Destination: 00:11:22:33:22:22 (00:11:22:33:22:22)" size="6" pos="0" show="00:11:22:33:22:22" value="001122332222">
      <field name="eth.addr" showname="Address: 00:11:22:33:22:22 (00:11:22:33:22:22)" size="6" pos="0" show="00:11:22:33:22:22" value="001122332222"/>
      <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="001122"/>
      <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="001122"/>
    </field>
    <field name="eth.src" showname="Source: 00:11:22:33:11:11 (00:11:22:33:11:11)" size="6" pos="6" show="00:11:22:33:11:11" value="001122331111">
      <field name="eth.addr" showname="Address: 00:11:22:33:11:11 (00:11:22:33:11:11)" size="6" pos="6" show="00:11:22:33:11:11" value="001122331111"/>
      <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="001122"/>
      <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="001122"/>
    </field>
    <field name="eth.type" showname="Type: DEC proto (0x6000)" size="2" pos="12" show="0x6000" value="6000"/>
</proto>
<proto name="lapbether" showname="LAPBETHER" size="2" pos="14">
    <field name="lapbether.length" showname="Length: 256" size="2" pos="14" show="256" value="0001"/>
</proto>
<proto name="malformed" showname="[Malformed Packet: LAPBETHER]" size="0" pos="14"/>
</packet>

</pdml>

C:\Program Files\iTest_3.4>

Output File: Attached

0 ·

packet_decode.txt (104 B)

KumarS mjeyaram commented · Apr 23, 2010 at 06:47 AM

This does look odd. It seems like decoding is working and putting things on stdout - but if the output file is empty, iTest will not see the decoded contents. Let me take a look.

0 ·

mjeyaram KumarS commented · Apr 27, 2010 at 04:19 AM

Awaiting your response.

0 ·

KumarS mjeyaram commented · Apr 27, 2010 at 04:18 PM

Here is the problem. Your installation of wireshark is dumping this line:

Duplicate field detected in call to proto_register_field_array: capwap.version is already registered

before the XML. This causes iTest not to be able to parse the XML document that is produced. You will need to figure out how to get rid of this error from your installation.

0 ·

mjeyaram KumarS commented · Apr 27, 2010 at 04:41 PM

Excellent and thanks !

Will take a look at the wireshark installation.

0 ·

mjeyaram mjeyaram commented · Apr 28, 2010 at 09:27 AM

I now have new installation of Wireshark which does not throw that extra message at the beginning of the XML code.

However, the output file still resembles the same I attached earlier and iTest continues to give me the same warning about not being able to decode the packets.

C:\Program Files\iTest_3.4>decode.bat c:/automation/packet.txt c:/automation/packet_decode3.txt
<?xml version="1.0"?>
<pdml version="0" creator="wireshark/1.2.7">
<packet>
<proto name="geninfo" pos="0" showname="General information" size="64">
    <field name="num" pos="0" show="1" showname="Number" value="1" size="64"/>
    <field name="len" pos="0" show="64" showname="Frame Length" value="40" size="64"/>
    <field name="caplen" pos="0" show="64" showname="Captured Length" value="40" size="64"/>
    <field name="timestamp" pos="0" show="Apr 28, 2010 14:54:08.000000000" showname="Captured Time" value="1272446648.000000000" size="64"/>
</proto>
<proto name="frame" showname="Frame 1 (64 bytes on wire, 64 bytes captured)" size="64" pos="0">
    <field name="frame.time" showname="Arrival Time: Apr 28, 2010 14:54:08.000000000" size="0" pos="0" show="Apr 28, 2010 14:54:08.000000000"/>
    <field name="frame.time_delta" showname="Time delta from previous captured frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.time_delta_displayed" showname="Time delta from previousdisplayed frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.time_relative" showname="Time since reference or first frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.number" showname="Frame Number: 1" size="0" pos="0" show="1"/>
    <field name="frame.len" showname="Frame Length: 64 bytes" size="0" pos="0" show="64"/>
    <field name="frame.cap_len" showname="Capture Length: 64 bytes" size="0" pos="0" show="64"/>
    <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/>
    <field name="frame.protocols" showname="Protocols in frame: eth:lapbether" size="0" pos="0" show="eth:lapbether"/>
</proto>
<proto name="eth" showname="Ethernet II, Src: 00:11:22:33:11:11 (00:11:22:33:11:11), Dst: 00:11:22:33:22:22 (00:11:22:33:22:22)" size="14" pos="0">
    <field name="eth.dst" showname="Destination: 00:11:22:33:22:22 (00:11:22:33:22:22)" size="6" pos="0" show="00:11:22:33:22:22" value="001122332222">
      <field name="eth.addr" showname="Address: 00:11:22:33:22:22 (00:11:22:33:22:22)" size="6" pos="0" show="00:11:22:33:22:22" value="001122332222"/>
      <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="0" show="0" value="0" unmaskedvalue="001122"/>
      <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="0" show="0" value="0" unmaskedvalue="001122"/>
    </field>
    <field name="eth.src" showname="Source: 00:11:22:33:11:11 (00:11:22:33:11:11)" size="6" pos="6" show="00:11:22:33:11:11" value="001122331111">
      <field name="eth.addr" showname="Address: 00:11:22:33:11:11 (00:11:22:33:11:11)" size="6" pos="6" show="00:11:22:33:11:11" value="001122331111"/>
      <field name="eth.ig" showname=".... ...0 .... .... .... .... = IG bit: Individual address (unicast)" size="3" pos="6" show="0" value="0" unmaskedvalue="001122"/>
      <field name="eth.lg" showname=".... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)" size="3" pos="6" show="0" value="0" unmaskedvalue="001122"/>
    </field>
    <field name="eth.type" showname="Type: DEC proto (0x6000)" size="2" pos="12" show="0x6000" value="6000"/>
</proto>
<proto name="lapbether" showname="LAPBETHER" size="2" pos="14">
    <field name="lapbether.length" showname="Length: 256" size="2" pos="14" show="256" value="0001"/>
</proto>
<proto name="malformed" showname="[Malformed Packet: LAPBETHER]" size="0" pos="14">
    <proto name="expert" showname="Expert Info (Error/Malformed): Malformed Packet (Exception occurred)" size="0" pos="0">
      <field name="expert.message" showname="Message: Malformed Packet (Exception occurred)" size="0" pos="0" show="Malformed Packet (Exception occurred)"/>
      <field name="expert.severity" showname="Severity level: Error" size="0" pos="0" show="Error"/>
      <field name="expert.group" showname="Group: Malformed" size="0" pos="0" show="Malformed"/>
    </proto>
</proto>
</packet>

</pdml>

C:\Program Files\iTest_3.4>

0 ·

KumarS mjeyaram commented · Apr 28, 2010 at 03:08 PM

Can you provide wireshark version you have installed and the operating system version?

0 ·

mjeyaram KumarS commented · Apr 28, 2010 at 04:13 PM

Windows XP Professional Version 2002, Service Pack 2

and

Wireshark 1.2.7 as mentioned in the XML file.

0 ·

VidyaH mjeyaram commented · May 08, 2010 at 08:29 PM

Hi mjeraram,
I installed wireshark in custom path and edited iTest's decode.bat accordinlgy,started ixia session and could not see any issue.
Also, tried on default path and could not see any issue with checking packet decode functionality.

I used wireshark 1.2.8 version on windows xp system.

Only difference i see in your system's configuration is that, you are using ixOS 5.60 version which is not a Fanfare official supported version.

Please let me know if i am missing anything?

Thanks,
Vidya

0 ·

question