Ethereal-dev: [Ethereal-dev] RE: [Ethereal-users] Win9x Ethereal crashes
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Andy Leigh <andy.leigh@xxxxxxxxx>
Date: Thu, 14 Dec 2000 23:16:37 -0000
Gilbert,
thank you for your quick response. I have to congratulate you and all the
others on a superb tool for network engineers...
I've managed to find something reproducible here. the dos-box error message
is this:
Gdk-WARNING **: gdk_text_size: gdk_nmbstowchar_ts failed
The crashes happen with 100% consistency when decoding SMB transfers.
Specifically, I can always get Ethereal to bounce when performing a
TRANS2_FIND_FIRST2 response decode. Far less frequently, it occasionally
hangs on TRANS2_FIND_NEXT2 response. In both cases, a request is parsed
without incident.
I'm a little uncertain about posting a file because obviously SMB gives the
game away on rather a lot of sensitive detail. I've posted a text printout
of a relevant packet (with data changed to protect security) to show the
sort of decode I get:
Transmission Control Protocol, Src Port: 139 (139), Dst Port: 1317 (1317),
Seq: 58852, Ack: 30263426
Source port: 139 (139)
Destination port: 1317 (1317)
Sequence number: 58852
Next sequence number: 59384
Acknowledgement number: 30263426
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 7445
Checksum: 0x8bea
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 528
SMB (Server Message Block Protocol)
Message Type: 0xFF
Server Component: SMB
SMB Command: SMBtrans2 (0x32)
Error Class: Success
Reserved: 0
Error Code: No Error
Flags: 0x80
.... ...0 = Lock&Read, Write&Unlock not supported
.... ..0. = Receive buffer not posted
.... 0... = Path names case sensitive
...0 .... = Pathnames not canonicalized
..0. .... = OpLocks not requested/granted
.0.. .... = Notify open only
1... .... = Response to client/redirector
Flags2: 0x8001
.... .... .... ...1 = Long file names supported
.... .... .... ..0. = Extended attributes not supported
.... .... .... .0.. = Security signatures not supported
.... 0... .... .... = Extended security negotiation not supported
...0 .... .... .... = Don't resolve pathnames with DFS
..0. .... .... .... = Don't permit reads if execute-only
.0.. .... .... .... = Error codes are DOS error codes
1... .... .... .... = Strings are Unicode
Reserved: 6 WORDS
Network Path/Tree ID (TID): 26629 (6805)
Process ID (PID): 7745 (1e41)
User ID (UID): 4096 (1000)
Multiplex ID (MID): 514 (0202)
Word Count (WCT): 10
Total Parameter Count: 8
Total Data Count: 464
Reserved2: 0
Parameter Count: 8
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 464
Data Offset: 64
Data Displacement: 0
Setup Count: 0
Reserved3: 0
Byte Count (BCC): 473
Pad1: [deleted by author]
Parameter: [deleted by author]
Data: [deleted by author]
Andy
> -----Original Message-----
> From: Gilbert Ramirez [SMTP:gram@xxxxxxxxxx]
> Sent: Thursday, December 14, 2000 8:39 PM
> To: Andy Leigh; 'ethereal-users@xxxxxxxxxxxx'
> Subject: Re: [Ethereal-users] Win9x Ethereal crashes
>
> On Thu, Dec 14, 2000 at 07:03:58PM -0000, Andy Leigh wrote:
> > Dear all,
> >
> > I wonder if anyone has some advice. I and my colleagues run Ethereal on
> a
> > number of different Windows 9x platforms with the GTK libraries
> (downloaded
> > from the Ethereal site). Ethereal only stays around for a couple of
> captures
> > before dying. There is no consistent behaviour on when it fails:
> sometimes
> > paging down a decode; sometimes just clicking on a line of decode;
> sometimes
> > resizing a window; sometimes just as it's about display the decode
> > information. The consistent theme is that it stays around for only a few
> > minutes before requiring a restart. The symptoms are either: a) an error
> > message pops up about the application behaving illegally or b) a dos-box
> > appears referring to font problems (the latter happening far-less
> frequently
> > than the former). The behaviour has been consistent for all versions of
> > Ethereal and GTK.
> >
> > It strikes me that this is a GTK library problem. To avoid clashes I
> never
> > install the dlls into windows/system, but keep them in the same
> directory as
> > the current version of Ethereal.
>
> It might not be. There could be a bug in one of our protocol dissectors
> that gets triggered by a certain type of packet that happens to be
> common on your network. The next time Ethereal crashes, try to find
> the temporary packet trace file (which will probably exist in the
> directory that your TEMP env. variable points to). Re-load it and
> see if the crash occurs. You can more readly cause a crash by setting
> either a color filter or a display filter, which will cause Ethereal
> to run a full dissection on each packet, hopefully triggering the
> bug. W/o a filter, Ethereal runs a full dissection on a packet only
> when you highlight the packet.
>
> If you get a file which always produces an Ethereal crash, please
> forward it to ethereal-dev or to me, if you can share the data that's
> in the file.
>
> --gilbert
This e-mail, and any attachment, is confidential. If you have received
it in error, please delete it from your system, do not use or disclose
the information in any way, and notify me immediately. The contents of
this message may contain personal views which are not the views of the
BBC, unless specifically stated.
- Prev by Date: Re: R: [tcpdump-workers] Re: R: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?
- Next by Date: [Ethereal-dev] "Match Selected" FT_STRING patch
- Previous by thread: Re: [Ethereal-dev] [PATCH] Mobile IPv6 support
- Next by thread: [Ethereal-dev] "Match Selected" FT_STRING patch
- Index(es):
