Ethereal-users: Re: [Ethereal-users] ethereal FDDI void freme from tcpdump capture
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Stuart Davidson <dav@xxxxxxxxxxxxxxxxxx>
Date: Wed, 14 Nov 2001 21:18:08 +0000
Thanks for the swift response.
Guy Harris wrote:
> > I'm trying to use ethereal to display FDDI packets captured by
> > tcpdump.
>
> The tcpdump that comes with Digital^H^H^H^H^H^H^HTru64 UNIX, or the one
> from tcpdump.org (built with the libpcap that comes from tcpdump.org)?
>
I'm using the tcpdump bundled with the operating system, details below.
>
> At one point, the Digital UNIX tcpdump wrote out capture files that I
> couldn't even read with tcpdump on other machines.
>
> At least for Ethernet captures, the DU 4.0F tcpdump seems to produce
> stuff Ethereal can read, however.
>
> If the captures are from the native tcpdump, could you send us one of
> the problematic FDDI captures, so we can see if it's some sort of
> non-standard capture (e.g., if they've stuck padding on the front of the
> FDDI header *in the capture file* to pad it to a multiple of 2 or 4
> bytes - which would make it unreadable even by standard *tcpdump*)?
>
OK, I'll send it to you direct.
>
> > 1. I do not want ethereal to display anything when it's just capturing
> > to a log file but I have not found a way to prevent the graphical
> > display
>
> Ethereal is a GUI program, so there's no way to prevent the graphical
> display; if you want to do captures in the background, rather than
> interactively, use tcpdump or Tethereal.
>
> > 2. when two ethereals are running on the same system the second
> > occasionally displays "malformed address"
>
> I don't see anything in the Ethereal source to display that; could you
> show us the full, precise message?
>
Sorry about that, I didn't note the exact error message but will do next
time.
>
> > 3. the second ethereal occasionally core dumps:
> >
> > tcpdump: Using kernel BPF filter
> >
> > ** ERROR **: file tvbuff.c: line 399 (compute_offset_length): assertion
> > failed:
> > (length >= -1)
> > aborting...
> > # file core*
> > core.ethereal.v19.s1021.0: core dump, generated from 'ethereal.v19'
>
> Have you tried running a debugger on the core dump? Without that, we
> can't guess why it might be crashing.
Here are some sample stack traces and details of the tcpdump executable.
# dbx ethereal.v19.vanilla core.ethereal.v19.van.s1021.0
dbx version 3.11.10
Type 'help' for help.
Core file created by program "ethereal.v19.van"
signal Segmentation fault at [rdconvertbufftostr:6
+0x3a8,0x12016a128] Source not available
(dbx) where
> 0 rdconvertbufftostr() ["packet-radius.c":6, 0x12016a128]
1 rd_value_to_str() ["packet-radius.c":6, 0x12016a3d8]
2 dissect_attribute_value_pairs() ["packet-radius.c":6, 0x12016ae34]
3 dissect_radius() ["packet-radius.c":6, 0x12016b2e8]
4 dissector_try_port() ["packet.c":6, 0x1202d400c]
5 decode_udp_ports() ["packet-udp.c":6, 0x1201e09b8]
6 dissect_udp() ["packet-udp.c":6, 0x1201e1524]
7 dissector_try_port() ["packet.c":6, 0x1202d400c]
8 dissect_ip() ["packet-ip.c":6, 0x1200ca678]
9 dissector_try_port() ["packet.c":6, 0x1202d400c]
10 ethertype() ["packet-ethertype.c":6, 0x120095280]
11 dissect_snap() ["packet-llc.c":6, 0x12010d9a4]
12 dissect_llc() ["packet-llc.c":6, 0x12010d510]
13 call_dissector() ["packet.c":6, 0x1202d5788]
14 dissect_fddi() ["packet-fddi.c":6, 0x120096394]
15 dissect_fddi_not_bitswapped() ["packet-fddi.c":6, 0x120096464]
16 dissector_try_port() ["packet.c":6, 0x1202d400c]
17 dissect_frame() ["packet-frame.c":6, 0x120097bc0]
18 call_dissector() ["packet.c":6, 0x1202d5788]
19 dissect_packet() ["packet.c":6, 0x1202d3724]
20 epan_dissect_new() ["epan.c":6, 0x1202dc72c]
21 add_packet_to_packet_list() ["file.c":6, 0x12022f3d0]
22 read_packet() ["file.c":6, 0x12022fc68]
23 continue_tail_cap_file() ["file.c":6, 0x12022ed44]
24 cap_file_input_cb() ["capture.c":6, 0x12022a990]
25 gdk_io_invoke() ["gdkevents.c":6, 0x3000001c7fc]
26 g_io_unix_dispatch() ["giounix.c":6, 0x30001014020]
27 g_main_dispatch() ["gmain.c":6, 0x3000101617c]
28 g_main_iterate() ["gmain.c":6, 0x300010169e8]
29 g_main_run() ["gmain.c":6, 0x30001016c48]
30 gtk_main() ["gtkmain.c":6, 0x3ffbff4f560]
31 main() ["main.c":6, 0x1202546e4]
(dbx) q
# dbx ethereal core.ethereal.v19.s1021.0
dbx version 3.11.10
Type 'help' for help.
Core file created by program "ethereal.v19"
signal IOT/Abort trap at >*[__kill, 0x3ff800e9b78] beq r19,
0x3ff800e9b90
(dbx) where
> 0 __kill(0x3ff800dccdc, 0x3ffc0086c80, 0x3ffc0089540, 0x0, 0x3ff801766c0)
[0x3ff800e9b78]
1 (unknown)() [0x3ff801a5088]
2 __tis_raise(0x3ff801766c0, 0x0, 0x3ff80112014, 0x6, 0x3ff8015f6d4)
[0x3ff80112010]
3 raise(0x3ff80112014, 0x6, 0x3ff8015f6d4, 0x2, 0x3ff801766ec)
[0x3ff8015f6d0]
4 abort(0x300010199ac, 0x0, 0x0, 0x0, 0xfffffc0000000000) [0x3ff801766e8]
5 g_logv() ["gmessages.c":6, 0x300010199a8]
6 g_log() ["gmessages.c":6, 0x30001019ae0]
7 compute_offset_length() ["tvbuff.c":6, 0x1202dfbb0]
8 check_offset_length_no_exception() ["tvbuff.c":6, 0x1202dfcc0]
9 check_offset_length() ["tvbuff.c":6, 0x1202dfe24]
10 ensure_contiguous() ["tvbuff.c":6, 0x1202e1278]
11 tvb_get_ptr() ["tvbuff.c":6, 0x1202e1c88]
12 rdconvertbufftostr() ["packet-radius.c":6, 0x12017069c]
13 rd_value_to_str() ["packet-radius.c":6, 0x120170bb8]
14 dissect_attribute_value_pairs() ["packet-radius.c":6, 0x120171614]
15 dissect_radius() ["packet-radius.c":6, 0x120171ac8]
16 dissector_try_port() ["packet.c":6, 0x1202ec34c]
17 decode_udp_ports() ["packet-udp.c":6, 0x1201e7198]
18 dissect_udp() ["packet-udp.c":6, 0x1201e7d04]
19 dissector_try_port() ["packet.c":6, 0x1202ec34c]
20 dissect_ip() ["packet-ip.c":6, 0x1200cfca8]
21 dissector_try_port() ["packet.c":6, 0x1202ec34c]
22 ethertype() ["packet-ethertype.c":6, 0x12009a8b0]
23 dissect_snap() ["packet-llc.c":6, 0x120114154]
24 dissect_llc() ["packet-llc.c":6, 0x120112e48]
25 call_dissector() ["packet.c":6, 0x1202edac8]
26 dissect_fddi() ["packet-fddi.c":6, 0x12009b9c4]
27 dissect_fddi_not_bitswapped() ["packet-fddi.c":6, 0x12009ba94]
28 dissector_try_port() ["packet.c":6, 0x1202ec34c]
29 dissect_frame() ["packet-frame.c":6, 0x12009d1f0]
30 call_dissector() ["packet.c":6, 0x1202edac8]
31 dissect_packet() ["packet.c":6, 0x1202eba64]
32 epan_dissect_new() ["epan.c":6, 0x1202f4a7c]
33 add_packet_to_packet_list() ["file.c":6, 0x120237ac0]
34 read_packet() ["file.c":6, 0x120238358]
35 continue_tail_cap_file() ["file.c":6, 0x120237434]
36 cap_file_input_cb() ["capture.c":6, 0x120233080]
37 gdk_io_invoke() ["gdkevents.c":6, 0x3000001c7fc]
38 g_io_unix_dispatch() ["giounix.c":6, 0x30001014020]
39 g_main_dispatch() ["gmain.c":6, 0x3000101617c]
40 g_main_iterate() ["gmain.c":6, 0x300010169e8]
41 g_main_run() ["gmain.c":6, 0x30001016c48]
42 gtk_main() ["gtkmain.c":6, 0x3ffbff4f560]
43 main() ["main.c":6, 0x12026ca24]
(dbx) q
# which tcpdump
/usr/sbin/tcpdump
# what /usr/sbin/tcpdump
/usr/sbin/tcpdump:
$RCSfile: crt0.s,v $ $Revision: 1.1.21.11 $ (DEC) $Date: 1995/09/06
19:54:27 $
$RCSfile: print-proplist.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1995/05/30 15:37:30 $
$RCSfile: tcpdump.c,v $ $Revision: 1.1.14.2 $ (DEC) $Date: 1997/07/30
16:03:51 $
$RCSfile: print-ether.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1993/06/22 18:44:09 $
$RCSfile: print-ip.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date: 1993/06/22
18:44:41 $
$RCSfile: print-arp.c,v $ $Revision: 1.1.7.2 $ (DEC) $Date:
1995/04/27 23:14:11 $
$RCSfile: print-tcp.c,v $ $Revision: 1.1.4.3 $ (DEC) $Date:
1995/11/30 22:09:08 $
$RCSfile: print-udp.c,v $ $Revision: 1.1.4.2 $ (DEC) $Date:
1995/04/06 21:48:40 $
$RCSfile: print-atalk.c,v $ $Revision: 1.1.7.2 $ (DEC) $Date:
1997/07/30 16:03:44 $
$RCSfile: print-domain.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1993/06/22 18:43:54 $
$RCSfile: print-tftp.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1993/06/22 18:47:59 $
$RCSfile: print-bootp.c,v $ $Revision: 1.1.4.3 $ (DEC) $Date:
1994/02/11 16:13:55 $
$RCSfile: print-nfs.c,v $ $Revision: 1.1.4.2 $ (DEC) $Date:
1995/04/06 21:41:53 $
$RCSfile: print-nfs3.c,v $ $Revision: 1.1.10.1 $ (DEC) $Date:
2000/06/14 12:54:21 $
$RCSfile: print-icmp.c,v $ $Revision: 1.1.5.2 $ (DEC) $Date:
1995/03/24 19:17:41 $
$RCSfile: nametoaddr.c,v $ $Revision: 1.1.4.2 $ (DEC) $Date:
1994/04/08 21:17:00 $
$RCSfile: print-sl.c,v $ $Revision: 1.1.4.2 $ (DEC) $Date: 1995/11/16
18:58:24 $
$RCSfile: print-ppp.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1993/06/22 18:46:52 $
$RCSfile: print-rip.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1993/06/22 18:47:05 $
$RCSfile: print-snmp.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1993/06/22 18:47:32 $
$RCSfile: print-ntp.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1993/06/22 18:45:54 $
$RCSfile: print-null.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1993/06/22 18:46:04 $
$RCSfile: print-egp.c,v $ $Revision: 1.1.7.2 $ (DEC) $Date:
1997/07/30 16:03:47 $
$RCSfile: print-ospf.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1993/06/22 18:46:45 $
$RCSfile: print-fddi.c,v $ $Revision: 1.1.2.3 $ (DEC) $Date:
1993/07/21 14:34:21 $
$RCSfile: print-sunrpc.c,v $ $Revision: 1.1.4.4 $ (DEC) $Date:
1995/10/24 11:06:50 $
$RCSfile: print-mount.c,v $ $Revision: 1.1.2.3 $ (DEC) $Date:
1995/10/24 11:06:46 $
$RCSfile: print-nis.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1995/04/06 21:43:33 $
$RCSfile: print-nlm.c,v $ $Revision: 1.1.2.3 $ (DEC) $Date:
1995/10/24 11:06:48 $
$RCSfile: print-sm.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date: 1995/04/06
21:46:17 $
$RCSfile: print-pmap.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1995/04/06 21:45:27 $
$RCSfile: savefile.c,v $ $Revision: 1.1.4.2 $ (DEC) $Date: 1993/10/15
20:11:51 $
$RCSfile: util.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date: 1993/06/22
18:49:42 $
$RCSfile: etherent.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date: 1993/06/22
18:33:52 $
$RCSfile: inet.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date: 1993/06/22
18:34:58 $
$RCSfile: print-llc.c,v $ $Revision: 1.1.4.2 $ (DEC) $Date:
1994/02/11 16:14:07 $
$RCSfile: print-decnet.c,v $ $Revision: 1.1.4.2 $ (DEC) $Date:
1994/02/11 16:14:01 $
$RCSfile: print-isoclns.c,v $ $Revision: 1.1.2.3 $ (DEC) $Date:
1993/07/21 14:34:28 $
$RCSfile: gencode.c,v $ $Revision: 1.1.6.2 $ (DEC) $Date: 1995/12/06
16:21:28 $
$RCSfile: optimize.c,v $ $Revision: 1.1.5.3 $ (DEC) $Date: 1995/11/16
18:58:19 $
$RCSfile: bpf_dump.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date: 1993/06/22
18:33:21 $
$RCSfile: bpf_filter.c,v $ $Revision: 1.1.6.2 $ (DEC) $Date:
1995/04/06 21:40:01 $
$RCSfile: bpf_image.c,v $ $Revision: 1.1.4.2 $ (DEC) $Date:
1995/11/16 18:58:15 $
$RCSfile: md-alpha.c,v $ $Revision: 1.1.4.2 $ (DEC) $Date: 1994/02/11
16:13:50 $
$RCSfile: os-osf1.c,v $ $Revision: 1.1.2.3 $ (DEC) $Date: 1993/07/21
14:33:57 $
$RCSfile: pcap-pf.c,v $ $Revision: 1.1.7.3 $ (DEC) $Date: 1995/11/16
18:58:21 $
$RCSfile: print-trn.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date:
1994/04/08 21:17:09 $
$RCSfile: rpcutil.c,v $ $Revision: 1.1.2.2 $ (DEC) $Date: 1995/04/06
21:49:23 $
# odump -Dl /usr/sbin/tcpdump
***LIBRARY LIST SECTION***
Name Time-Stamp CheckSum Flags Version
/usr/sbin/tcpdump:
libc.so Jan 11 19:24:58 2001 0xbad758ae 0 osf.1
# sum /usr/sbin/tcpdump
39945 296 /usr/sbin/tcpdump
- Follow-Ups:
- Re: [Ethereal-users] ethereal FDDI void freme from tcpdump capture
- From: Guy Harris
- Re: [Ethereal-users] ethereal FDDI void freme from tcpdump capture
- References:
- Re: [Ethereal-users] ethereal FDDI void freme from tcpdump capture
- From: Guy Harris
- Re: [Ethereal-users] ethereal FDDI void freme from tcpdump capture
- Prev by Date: Re: [Ethereal-users] ethereal FDDI void freme from tcpdump capture
- Next by Date: [Ethereal-users] unsuccessful ARP repetition and duplicate IP address
- Previous by thread: Re: [Ethereal-users] ethereal FDDI void freme from tcpdump capture
- Next by thread: Re: [Ethereal-users] ethereal FDDI void freme from tcpdump capture
- Index(es):
