Ethereal-dev: Re: [Ethereal-dev] ethereal crash on particular packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sat, 15 Jun 2002 14:29:12 -0700
On Fri, Jun 14, 2002 at 11:30:01AM +0200, Andreas Ferber wrote:
> Yes, the patch from Guy works fine here. Thanks.

I've checked it in.

> I extracted the full TCP conversation from my trace. You can find it
> in the attached trace file, if someone wants to further analyze this
> (I don't know much about the internals of ethereal, but I guess it's
> hard to do protocol dissection across more than one packet at a
> time?).

As Ronnie Sahlberg noted, it's actually not hard at all, thanks to a
pile of work done by Ronnie and others; if I enable the "Allow
subdissector to desegment TCP streams" option for the TCP dissector (the
"Desegment all DNS messages spanning multiple TCP segments" option for
the DNS dissector is on by default, so you shouldn't have to turn it
on), which is my default setting, I can see the complete DNS response by
selecting frame 7 (the last frame of the multi-frame DNS message).

As Ronnie noted, you select "Preferences" from the "Edit" menu, open the
"Protocols" list in the leftmost pane of the "Ethereal: Preferences"
dialog box that pops up, select "TCP" from the (scrolling) list in the
leftmost pane, enable "Allow subdissector to desegment TCP streams",
select "DNS" from the list in the leftmost pane, enable "Desegment all
DNS messages spanning multiple TCP segments" if it's not already
enabled, and then click "Save" if you want those settings to be saved so
that they'll automatically be in effect the next time you start Ethereal
or run Tethereal.