Reporting Bugs
Despite our best efforts, bugs make it into Wireshark from time to time. If you find a bug, we want to know about it.
First verify that this bug is not already known. You can see this on the KnownBugs page and in the Wireshark bug database. If the problem isn't listed here please file a bug report.
Where to Report Bugs
There are two preferred ways of reporting bugs: the Wireshark bug database and the wireshark-dev mailing list.
What to Report
Your Platform
Wireshark runs on a multitude of operating systems, including Windows, MacOS X, Linux, FreeBSD, Solaris, and others. It's important to let us know what platform(s) you're having trouble with. You can get the complete version and build information using one of two methods:
In Wireshark, select Help->About Wireshark from the main menu. You can copy the build information in the about box and paste it into your report. From the command line, run "tshark -v" or "wireshark -v". This will print the build information in your terminal window.
In either case the build information should look something like this:
wireshark 0.99.0 Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown), with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.2.2, with ADNS, with Lua 5.1. Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x] on Windows XP S, build 2600.
A Capture File
Including a capture file is important for two reasons: it helps us duplicate the problem and it lets us perform regression testing so that the problem doesn't reappear.
If Wireshark crashes while you're capturing, there should be a temporary capture file left over. To find this file, select Help->About Wireshark->Folders from the main menu. There should be a folder in the list called "Temp". Inside this folder should be a file called "etherXXXX..." This is the temporary file.
Note that you can only attach a capture file after you filed the initial bug report.
How to Duplicate the Problem
In your report you should describe the steps necessary to duplicate the problem. Also mention stuff like the kind of network you capture from or type of capture file you read in. Any specifics of the platform not covered by the metadata of the bug report is also appreciated.
Debugger Output
The backtrace output of a debugger (e.g. "bt" or "bt full" under gdb) is sometimes (but not always) helpful.
The preferred way is to create a bug report at http://bugs.wireshark.org/ and attach a capture file that causes the problem. If you don't feel like messing with Bugzilla you can send the capture file and/or backtrace to the wireshark-dev mailing list mailinglist.
Sensitive Information
If your bug report contains sensitive information you can keep the information private:
- In Bugzilla you can mark the bug and/or attachment as "private".
Instead of sending the report to the wireshark-dev mailing list (which is a public forum) you can send it to security@wireshark.org.
Additional Information
Bugs filed in the bug database are monitored by the developers and solved as time permits. It may be that additional information is required to find the cause of the problem. A comment will be added to the bug report requesting that information. These comments will be send to the email address that you've provided when filing the bug report, so it is important to monitor that mailbox. Please respond to these requests to keep the investigation into the problem going, even if you can't provide the information yourself. If the requested information isn't provided within a certain amount of time the only option is to close the bug report. This window depends on the severity of the problem, as follows:
Severity |
Add. Info requests |
closed after |
Blocker |
N/A |
when solved |
Critical |
N/A |
when solved |
Major |
Three |
3 month |
Normal |
Two |
2 month |
Trivial |
One |
1 month |
Enhance |
One |
1 month |
Reporting Viruses
If your AV software flags a problem with Wireshark or its installer, please send an email to the wireshark-dev list or open a bug with the following information:
- The name of the virus or trojan
The exact product you're using, including manufacturer, product name, and version
- The virus definition version or release date you're using
AV vendors won't talk to us if we don't have this information. (Half the time they won't talk to us if we do have it.) We're received several virus reports over the years. So far they've all been FalsePositives.