Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
These packets were captured using "snoop" on Solaris 7 (5.7 Generic_106541-16 sun4u sparc SUNW,Ultra-4).
<<packets.snoop>>
I'm trying to read them using tethereal on another Solaris 7 box (5.7 Generic_106541-06 sun4m sparc SUNW,SPARCstation-20). I can read them with snoop and they decode as RPC packets, but tethereal core dumps when it has to examine anything deeper than the headers.
e.g.
# tethereal -r packets.snoop
1 0.000000 142.139.24.56 -> 142.139.24.63 Portmap V2 CALLIT Call XID 0x3b2acf82
2 0.002097 142.139.24.55 -> 142.139.24.56 UDP Source port: 32771 Destination port: 46829
3 3.180238 142.139.24.56 -> 142.139.24.63 Portmap V2 CALLIT Call XID 0x3b2acf82 dup XID 0x3b2acf82
4 3.182724 142.139.24.55 -> 142.139.24.56 UDP Source port: 32771 Destination port: 46829
5 9.207445 142.139.24.56 -> 142.139.24.55 Portmap V2 GETPORT Call XID 0x3b309588
6 9.208690 142.139.24.55 -> 142.139.24.56 Portmap V2 GETPORT Reply XID 0x3b309588
7 1038.853750 142.139.24.56 -> 142.139.24.55 UDP Source port: 32771 Destination port: 55238
8 1041.849956 142.139.24.56 -> 142.139.24.55 UDP Source port: 32771 Destination port: 55238
9 1047.849688 142.139.24.55 -> 142.139.24.56 Portmap V2 GETPORT Call XID 0x3b29c1d7
10 1047.850153 142.139.24.56 -> 142.139.24.55 Portmap V2 GETPORT Reply XID 0x3b29c1d7
# tethereal -Vr packets.snoop
** ERROR **: file proto.c: line 998 (proto_tree_add_string): assertion failed: (hfinfo->type == FT_STRING)
aborting...
Abort (core dumped)
# tethereal -xr packets.snoop
1 0.000000 142.139.24.56 -> 142.139.24.63 Portmap V2 CALLIT Call XID 0x3b2acf82
0 ffff ffff ffff 0800 20b1 5573 0800 4500 ........ .Us..E.
10 0078 7625 4000 0111 b5c2 8e8b 1838 8e8b .xv%@........8..
20 183f b6ed 006f 0064 671e 3b2a cf82 0000 .?...o.dg.;*....
30 0000 0000 0002 0001 86a0 0000 0002 0000 ................
40 0005 0000 0001 0000 0024 3b29 fbcd 0000 .........$;)....
50 000d 534e 422d 4654 4f4e 2d57 4542 3900 ..SNB-FTON-WEB9.
60 0000 0000 0000 0000 0000 0000 0000 0000 ................
70 0000 0000 0000 0005 f3dd 0000 0002 0000 ................
80 0000 0000 0000 ......
....
In case it helps, I've also attached the text output of "snoop -vi packets.snoop".
<<packets.snoop.txt>>
tethereal was compiled without ethereal, and the version information is:
# tethereal -v
tethereal 0.8.18, with GLib 1.2.3, with libpcap 0.4, with libz 1.1.3, without SNMP
Attachment:
packets.snoop
Description: Binary data
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 9:13:1.20
ETHER: Packet size = 134 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 8:0:20:b1:55:73, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 120 bytes
IP: Identification = 30245
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 1 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = b5c2
IP: Source address = 142.139.24.56, 142.139.24.56
IP: Destination address = 142.139.24.63, 142.139.24.63
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 46829
UDP: Destination port = 111 (Sun RPC)
UDP: Length = 100
UDP: Checksum = 671E
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 992661378
RPC: Type = 0 (Call)
RPC: RPC version = 2
RPC: Program = 100000 (PMAP), version = 2, procedure = 5
RPC: Credentials: Flavor = 1 (Unix), len = 36 bytes
RPC: Time = 15-Jun-01 12:13:01
RPC: Hostname = SNB-FTON-WEB9
RPC: Uid = 0, Gid = 0
RPC: Groups = (none)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 5 (Indirect call)
PMAP: Program = 390109 (?)
PMAP: Version = 2
PMAP: Proc = 0
PMAP: Callit data = 0 bytes
PMAP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 9:13:1.20
ETHER: Packet size = 74 bytes
ETHER: Destination = 8:0:20:b1:55:73, Sun
ETHER: Source = 8:0:20:b1:55:77, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 60 bytes
IP: Identification = 31097
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = b4b1
IP: Source address = 142.139.24.55, 142.139.24.55
IP: Destination address = 142.139.24.56, 142.139.24.56
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 32771
UDP: Destination port = 46829 (Sun RPC)
UDP: Length = 40
UDP: Checksum = 6D22
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 992661378
RPC: Type = 1 (Reply)
RPC: This is a reply to frame 1
RPC: Status = 0 (Accepted)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC: Accept status = 0 (Success)
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 5 (Indirect call)
PMAP: Port = 855
PMAP: Length = 0 bytes
PMAP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 3 arrived at 9:13:4.38
ETHER: Packet size = 134 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 8:0:20:b1:55:73, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 120 bytes
IP: Identification = 30246
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 1 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = b5c1
IP: Source address = 142.139.24.56, 142.139.24.56
IP: Destination address = 142.139.24.63, 142.139.24.63
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 46829
UDP: Destination port = 111 (Sun RPC)
UDP: Length = 100
UDP: Checksum = 671E
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 992661378
RPC: Type = 0 (Call)
RPC: RPC version = 2
RPC: Program = 100000 (PMAP), version = 2, procedure = 5
RPC: Credentials: Flavor = 1 (Unix), len = 36 bytes
RPC: Time = 15-Jun-01 12:13:01
RPC: Hostname = SNB-FTON-WEB9
RPC: Uid = 0, Gid = 0
RPC: Groups = (none)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 5 (Indirect call)
PMAP: Program = 390109 (?)
PMAP: Version = 2
PMAP: Proc = 0
PMAP: Callit data = 0 bytes
PMAP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 4 arrived at 9:13:4.38
ETHER: Packet size = 74 bytes
ETHER: Destination = 8:0:20:b1:55:73, Sun
ETHER: Source = 8:0:20:b1:55:77, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 60 bytes
IP: Identification = 31100
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = b4ae
IP: Source address = 142.139.24.55, 142.139.24.55
IP: Destination address = 142.139.24.56, 142.139.24.56
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 32771
UDP: Destination port = 46829 (Sun RPC)
UDP: Length = 40
UDP: Checksum = 6D22
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 992661378
RPC: Type = 1 (Reply)
RPC: This is a reply to frame 1
RPC: Status = 0 (Accepted)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC: Accept status = 0 (Success)
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 5 (Indirect call)
PMAP: Port = 855
PMAP: Length = 0 bytes
PMAP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 5 arrived at 9:13:10.41
ETHER: Packet size = 98 bytes
ETHER: Destination = 8:0:20:b1:55:77, Sun
ETHER: Source = 8:0:20:b1:55:73, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 84 bytes
IP: Identification = 62677
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 393d
IP: Source address = 142.139.24.56, 142.139.24.56
IP: Destination address = 142.139.24.55, 142.139.24.55
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 887
UDP: Destination port = 111 (Sun RPC)
UDP: Length = 64
UDP: Checksum = 62B6
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 993039752
RPC: Type = 0 (Call)
RPC: RPC version = 2
RPC: Program = 100000 (PMAP), version = 2, procedure = 3
RPC: Credentials: Flavor = 0 (None), len = 0 bytes
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 3 (Get port number)
PMAP: Program = 390109 (?)
PMAP: Version = 2
PMAP: Protocol = 6 (TCP)
PMAP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 6 arrived at 9:13:10.41
ETHER: Packet size = 70 bytes
ETHER: Destination = 8:0:20:b1:55:73, Sun
ETHER: Source = 8:0:20:b1:55:77, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 56 bytes
IP: Identification = 31106
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = b4ac
IP: Source address = 142.139.24.55, 142.139.24.55
IP: Destination address = 142.139.24.56, 142.139.24.56
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 111
UDP: Destination port = 887 (Sun RPC)
UDP: Length = 36
UDP: Checksum = DA2D
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 993039752
RPC: Type = 1 (Reply)
RPC: This is a reply to frame 5
RPC: Status = 0 (Accepted)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC: Accept status = 0 (Success)
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 3 (Get port number)
PMAP: Port = 851
PMAP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 7 arrived at 9:30:20.05
ETHER: Packet size = 74 bytes
ETHER: Destination = 8:0:20:b1:55:77, Sun
ETHER: Source = 8:0:20:b1:55:73, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 60 bytes
IP: Identification = 57533
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 4d6d
IP: Source address = 142.139.24.56, 142.139.24.56
IP: Destination address = 142.139.24.55, 142.139.24.55
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 32771
UDP: Destination port = 55238 (Sun RPC)
UDP: Length = 40
UDP: Checksum = AA35
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 992571834
RPC: Type = 1 (Reply)
RPC: Status = 0 (Accepted)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC: Accept status = 0 (Success)

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 8 arrived at 9:30:23.05
ETHER: Packet size = 74 bytes
ETHER: Destination = 8:0:20:b1:55:77, Sun
ETHER: Source = 8:0:20:b1:55:73, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 60 bytes
IP: Identification = 57537
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 4d69
IP: Source address = 142.139.24.56, 142.139.24.56
IP: Destination address = 142.139.24.55, 142.139.24.55
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 32771
UDP: Destination port = 55238 (Sun RPC)
UDP: Length = 40
UDP: Checksum = AA35
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 992571834
RPC: Type = 1 (Reply)
RPC: Status = 0 (Accepted)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC: Accept status = 0 (Success)

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 9 arrived at 9:30:29.05
ETHER: Packet size = 98 bytes
ETHER: Destination = 8:0:20:b1:55:73, Sun
ETHER: Source = 8:0:20:b1:55:77, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 84 bytes
IP: Identification = 31563
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = b2c7
IP: Source address = 142.139.24.55, 142.139.24.55
IP: Destination address = 142.139.24.56, 142.139.24.56
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 918
UDP: Destination port = 111 (Sun RPC)
UDP: Length = 64
UDP: Checksum = 364F
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 992592343
RPC: Type = 0 (Call)
RPC: RPC version = 2
RPC: Program = 100000 (PMAP), version = 2, procedure = 3
RPC: Credentials: Flavor = 0 (None), len = 0 bytes
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 3 (Get port number)
PMAP: Program = 390109 (?)
PMAP: Version = 2
PMAP: Protocol = 6 (TCP)
PMAP:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 10 arrived at 9:30:29.05
ETHER: Packet size = 70 bytes
ETHER: Destination = 8:0:20:b1:55:77, Sun
ETHER: Source = 8:0:20:b1:55:73, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 56 bytes
IP: Identification = 57541
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 4d69
IP: Source address = 142.139.24.56, 142.139.24.56
IP: Destination address = 142.139.24.55, 142.139.24.55
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 111
UDP: Destination port = 918 (Sun RPC)
UDP: Length = 36
UDP: Checksum = ADE9
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 992592343
RPC: Type = 1 (Reply)
RPC: This is a reply to frame 9
RPC: Status = 0 (Accepted)
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC: Accept status = 0 (Success)
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 3 (Get port number)
PMAP: Port = 816
PMAP:
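Added example (not Ethereal code and not part of the original post): a bounds-checked C decode of packet 1's RPC payload, transcribed from the hex dump in the message, that returns an error code instead of aborting when a length field is truncated or inconsistent. The names `callit`, `cur`, `get_u32`, `get_opaque` and `parse_callit` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* UDP payload of packet 1, transcribed from the hex dump in the post (offsets 0x2a-0x85). */
static const uint8_t PKT1_RPC[92] = {
    0x3b,0x2a,0xcf,0x82, 0,0,0,0, 0,0,0,2, 0,1,0x86,0xa0, 0,0,0,2, 0,0,0,5,
    0,0,0,1, 0,0,0,0x24, 0x3b,0x29,0xfb,0xcd, 0,0,0,0x0d,
    'S','N','B','-','F','T','O','N','-','W','E','B','9', 0,0,0,
    0,0,0,0, 0,0,0,0, 0,0,0,0,  0,0,0,0, 0,0,0,0,   /* uid, gid, ngroups; verifier */
    0,5,0xf3,0xdd, 0,0,0,2, 0,0,0,0, 0,0,0,0        /* CALLIT prog, vers, proc, arg len */
};
struct callit { uint32_t xid, prog, vers, proc, t_prog, t_vers, t_proc, arg_len; char host[256]; };
struct cur { const uint8_t *p; size_t left; };      /* cursor over untrusted bytes */
static int get_u32(struct cur *c, uint32_t *out) {
    if (c->left < 4) return -1;                     /* never read past the buffer */
    *out = (uint32_t)c->p[0] << 24 | (uint32_t)c->p[1] << 16 | (uint32_t)c->p[2] << 8 | c->p[3];
    c->p += 4; c->left -= 4; return 0;
}
/* XDR opaque/string: 4-byte length, the data, then zero padding to a multiple of 4. */
static int get_opaque(struct cur *c, const uint8_t **data, uint32_t *len) {
    if (get_u32(c, len) || *len > c->left) return -1;
    size_t padded = ((size_t)*len + 3) & ~(size_t)3;
    if (padded > c->left) return -1;
    *data = c->p; c->p += padded; c->left -= padded; return 0;
}
/* 0 = decoded, -1 = truncated or inconsistent length, -2 = not a portmap v2 CALLIT call. */
int parse_callit(const uint8_t *buf, size_t n, struct callit *o) {
    struct cur c = { buf, n }; const uint8_t *body, *name;
    uint32_t type, rpcvers, flavor, len, stamp;
    if (get_u32(&c, &o->xid) || get_u32(&c, &type) || get_u32(&c, &rpcvers) ||
        get_u32(&c, &o->prog) || get_u32(&c, &o->vers) || get_u32(&c, &o->proc)) return -1;
    if (type != 0 || rpcvers != 2 || o->prog != 100000 || o->proc != 5) return -2;
    if (get_u32(&c, &flavor) || get_opaque(&c, &body, &len)) return -1;   /* credential */
    o->host[0] = '\0';
    if (flavor == 1) {                              /* AUTH_UNIX: stamp, machine name, ids */
        struct cur cred = { body, len };            /* sub-cursor confined to the credential */
        if (get_u32(&cred, &stamp) || get_opaque(&cred, &name, &len) || len >= sizeof o->host) return -1;
        memcpy(o->host, name, len); o->host[len] = '\0';
    }
    if (get_u32(&c, &flavor) || get_opaque(&c, &body, &len)) return -1;   /* verifier */
    if (get_u32(&c, &o->t_prog) || get_u32(&c, &o->t_vers) || get_u32(&c, &o->t_proc) ||
        get_opaque(&c, &body, &o->arg_len)) return -1;
    return 0;
}
int main(void) {
    struct callit r;
    if (parse_callit(PKT1_RPC, sizeof PKT1_RPC, &r)) return 1;
    return printf("xid=0x%08x host=%s target prog=%u\n", (unsigned)r.xid, r.host, (unsigned)r.t_prog) < 0;
}
```

The decoded fields match the snoop output for packet 1: XID 0x3b2acf82, hostname SNB-FTON-WEB9 and an indirect call to program 390109.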