Ethereal-users: Re: [Ethereal-users] hard reset on capture/start

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Wed, 24 Jan 2001 23:38:03 -0800

On Wed, Jan 24, 2001 at 11:04:26PM -0800, Guy Harris wrote:
> (The key bit of information you provided was the "98" after "windows",
> which indicates that you're running an OS that has the annoying tendency
> to allow applications to scribble all over the OS kernel's data
> structures, making it somewhat unreliable.)

Of course, the other problem is that Ethereal attempts to open, for
capturing, each of the devices that SIOCGIFCONF (on UNIX) or WinPcap (on
Windows) told it were available to capture on, so that the list in the
combo box reflects only the interfaces supported by libpcap/WinPcap (for
example, on many UNIX systems SIOCGIFCONF will report the existence of a
loopback device, as it should, but you can't capture packets on that
device).

That could also conceivably cause a crash, but the crash almost
certainly isn't in the Ethereal code; it's somewhere in WinPcap or in
the Windows OS code itself or in the driver for your network card - and
attempting to capture on the interface in question could also
conceivably cause a crash.

Try downloading WinDump from

	http://netgroup-serv.polito.it/windump/

and installing and using it (note that, as you've presumably already
installed WinPcap for Ethereal's benefit, you don't have to install it
for WinDump's benefit).

Then try running the command "windump -D" (after setting your prompt to
include the directory in which WinDump was installed - or run

	.\windump -D

after "cd"ing to that directory, assuming COMMAND.COM works like CMD.EXE
and lets you use a path such as that) from an MS-DOS command prompt
window.

If it causes a reset, the problem is probably either in the WinPcap code
or in Windows itself.

If it doesn't cause a reset, try doing

	windump -i {interface name}

on each of the interfaces it lists; if any of *those* cause a reset,
remember which of the interfaces it happened on.

In any case, crashes due to WinDump should be reported to
"winpcap@xxxxxxxxxxxxxxxxxxxxxxx" (as, if both WinDump and Ethereal
cause crashes, the problem is probably, as indicated, either with
WinPcap or Windows or a driver for one of your network cards).
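
The isolation procedure in the message above, scripted as an added example (not part of the original post and not Ethereal or WinDump code): because a hard reset wipes any on-screen record of which step was running, it forces a breadcrumb to disk before each `windump` call. It assumes Python and `windump` are on the PATH; the sample `-D` listing and the helper names are constructed for illustration.

```python
import os
import re
import subprocess

# Constructed sample of `windump -D` output; the adapter names are made up.
SAMPLE_D_OUTPUT = ("1.\\Device\\Packet_CONSTRUCTED1 (Example Ethernet Adapter)\n"
                   "2.\\Device\\Packet_CONSTRUCTED2 (Example Dial-Up Adapter)\n")

def parse_interfaces(listing):
    """Return interface names from lines shaped like '<n>.<name> (<description>)'."""
    matches = (re.match(r"\s*\d+\.(\S+)", line) for line in listing.splitlines())
    return [m.group(1) for m in matches if m]

def run_windump(args):
    """Run windump (assumed to be on PATH); return (exit code, stdout)."""
    try:
        done = subprocess.run(["windump"] + args, capture_output=True, text=True, timeout=30)
        return done.returncode, done.stdout
    except subprocess.TimeoutExpired:
        return -1, ""  # no packet arrived in time, but the machine survived

def crumb(log_path, text):
    """Append one line and force it to disk before the risky call runs."""
    with open(log_path, "a") as log:
        log.write(text + "\n")
        log.flush()
        os.fsync(log.fileno())

def probe_all(log_path, run=run_windump):
    """Run `-D`, then `-i <name>` for each interface, logging around each step."""
    crumb(log_path, "START -D")
    _, listing = run(["-D"])
    crumb(log_path, "DONE -D")
    results = {}
    for name in parse_interfaces(listing):
        crumb(log_path, "START -i " + name)
        results[name] = run(["-i", name, "-c", "1"])[0]  # -c 1: stop after one packet
        crumb(log_path, "DONE -i " + name)
    return results

def suspect(log_path):
    """After a reset, the last START with no DONE names the step that crashed."""
    pending = None
    with open(log_path) as log:
        for line in log:
            verb, _, step = line.strip().partition(" ")
            pending = step if verb == "START" else None
    return pending
```

After the machine comes back up, `suspect("probe.log")` returns the step that never finished: `-D` points at enumeration in WinPcap or Windows, and `-i <name>` points at that interface or its driver.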