Ethereal-users: Re: [ethereal-users] I've got a problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Fri, 24 Dec 1999 12:22:52 -0800
> My name is Tilo Buschmann and I've got a little problem with the
> ethereal. I heard a lot of good opinions of your program, but it does
> not want to work. I use the Red Hat .rpm binary. It starts, but when I
> want to begin capturing nothing works at all (the X is already working,
> I have to kill the pid of ethereal). A new window appears but the
> original window and this window aren't making anything and it is not
> possible to change anything (e.g. stopping).

Which version of which Linux distribution are you running?

> I tried to use a self compiled version, no error while compiling but the
> same mistake when I try to use it. Unfortunately the program gives no
> hint, what happened (no error in the logfile or anywhere else)
> Maybe it is a problem with the libpcap.

It probably is.

The standard "libpcap" doesn't, on Linux, support the "timeout" argument
to the routine that opens up a stream for capture of live packets;
Ethereal depends on that timeout, so that it can, while waiting for
packets to arrive, periodically check for user input and replies from
the X server.

The Ethereal "README.linux" file says:

	The standard libpcap compiled for Linux has a timeout problem. 
	If you use Ethereal with this libpcap on a not-so-busy network,
	at times you will see that the Ethereal GUI freezes.  It will
	freeze until one more packet is received.

	As of version 0.4 of libpcap this problem still exists.  This is
	the version of libpcap that comes with the standard Linux
	distributions.  If the freezing really annoys you, you can apply
	a patch to the libpcap source code.

	Libpcap can be obtained from ftp://ftp.ee.lbl.gov

	You can download the Linux patch at http://ethereal.zing.org/~gerald/

The file you want is the "libpcap-0.4-guy-gerald.patch" from the page in
question.

If you're running Red Hat 6.1, and possibly some other versions of some
other distributions, "libpcap" has been modified in ways that keep that
particular patch from being applied; the attached patch *should* work
with that version of "libpcap", but I've never tried it.

> PS: another script:
> --cut---
> tibu@doors:~ > ethereal -v
> ethereal 0.7.9, with GTK+ 1.2.6, with libpcap 0.4, with libz 1.1.3,
> without SNMP
> --cut---
> 
> What does this "SNMP" mean? Maybe it is a hint.

It's the Simple Network Management Protocol, and "without SNMP" means
that you have neither the UCD SNMP nor the CMU SNMP library installed;
Ethereal 0.7.9 can't dissect SNMP unless it can be linked with one of
those libraries.

> How does this mailinglist work? Is it possible to join?

Yes.  On the page

	http://ethereal.zing.org/lists/

it says:

	To subscribe to a list, simply send a message with "subscribe
	<listname>" in the body of the message to majordomo@xxxxxxxx.

so you'd send a message

	subscribe ethereal-users

to "majordomo@xxxxxxxx" (put "subscribe ethereal-users" in the *body* of
the message - the subject of the message is, I think, ignored, so if you
put that in the subject only, it won't subscribe you to the list).

*** pcap-int.h.dist	Thu Oct 14 20:24:53 1999
--- pcap-int.h	Fri Dec 24 12:19:09 1999
***************
*** 76,81 ****
--- 76,82 ----
  	int linktype;
  	int tzoff;		/* timezone offset */
  	int offset;		/* offset for proper alignment */
+ 	struct timeval timeout;	/* packet timeout when reading live traffic */
  
  	struct pcap_sf sf;
  	struct pcap_md md;
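
Review bot: the comment on the new `timeout` member does not say that an all-zero value means "no timeout", which is what the read loop in pcap-linux.c relies on when it tests `timerisset(&p->timeout)`. Please state that here, and note that in this patch only pcap-linux.c assigns the field, so readers of this shared header do not assume every platform honours it.
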
*** pcap-linux.c.dist	Thu Oct 14 20:24:53 1999
--- pcap-linux.c	Fri Dec 24 12:18:42 1999
***************
*** 29,34 ****
--- 29,35 ----
  #include <sys/time.h>
  #include <sys/types.h>
  #include <sys/uio.h>
+ #include <fcntl.h>
  
  #include <net/if.h>
  #ifdef HAVE_NET_IF_ARP_H
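
Review bot: nothing added by this patch appears to need `<fcntl.h>`; the new code only calls select() and the FD_ZERO/FD_SET macros, and `<sys/time.h>` and `<sys/types.h>` are already included in the context lines just above. Drop the include, or add a comment saying which symbol requires it.
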
***************
*** 261,266 ****
--- 262,268 ----
  	struct sockaddr_ll from;
  	int fromlen;
  	int snaplen = p->snapshot;
+ 	struct timeval timeout;
  
  #ifdef PACKET_TRECV
  	if (p->buffer == NULL)
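
Review bot: the new local `timeout` is declared at function scope, but in this patch it is used only inside the `if (timerisset(&p->timeout))` block. Declaring it there, next to `set1`, keeps it scoped with its only use and makes it harder to confuse with `p->timeout`.
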
***************
*** 271,276 ****
--- 273,301 ----
  	bufsize = p->bufsize;
  
  	for (;;) {
+ 		if (timerisset(&p->timeout)) {
+ 			/*
+ 			 * Delay no more than the specified amount of
+ 			 * time waiting for a packet to arrive, by
+ 			 * using "select()" with that as a timeout
+ 			 * to wait for the packet.  Return 0 if no
+ 			 * packet arrives.
+ 			 */
+ 			fd_set set1;
+ 		
+ 			FD_ZERO(&set1);
+ 			FD_SET(p->fd, &set1);
+ 		
+ 			/*
+ 			 * Linux modifies the timeout value, so we need to re-initialize
+ 			 * it each time.
+ 			 */
+ 			timeout.tv_sec = p->timeout.tv_sec;
+ 			timeout.tv_usec = p->timeout.tv_usec;
+ 			if (select(p->fd+1, &set1, NULL, NULL, &timeout) == 0)
+ 				return (0);
+ 		}
+ 		
  		fromlen = sizeof(from);
  		cc = recvfrom(p->fd, bp, snaplen, MSG_TRUNC, (struct sockaddr*)&from, &fromlen);
  		if (cc >= 0)
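
Review bot: the select() result is compared only against 0, so a return of -1 (for example EINTR when a signal arrives, or EINVAL for a bad timeout) falls through to recvfrom(), which can then block with no timeout, the same freeze this change is meant to remove. Handle the negative return explicitly: retry on EINTR and otherwise report the failure to the caller instead of reading. As a smaller point, the two member copies can be a single struct assignment, `timeout = p->timeout;`.
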
***************
*** 543,548 ****
--- 568,576 ----
  #ifdef PACKET_TRECV
          }
  #endif
+ 
+ 	p->timeout.tv_sec = to_ms / 1000;
+ 	p->timeout.tv_usec = (to_ms * 1000) % 1000000;
  
  	return (p);
  bad:
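
Review bot: `(to_ms * 1000) % 1000000` multiplies before reducing, so, assuming to_ms is an int, a large timeout overflows before the modulo is taken; `(to_ms % 1000) * 1000` gives the same microsecond remainder without the overflow. A negative to_ms is also not rejected here: it produces negative tv_sec/tv_usec values, timerisset() still reports the timer as set, and select() is then handed an invalid timeout. Validate to_ms before filling in `p->timeout`.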