Hi,
As usual, thanks for the prompt reply.
The proggie crashed while following the session (exited in linux, and
caused a "bad instruction at 0xXXX" in WinXP).
I will try the SMTP filter and report on further developments.
Is TCPFlow supposed to work with ethereal files? Any particular things to
take note of while saving? It did not work with all my ethereal files
(not just this one with the SMTP prob).
Regards
Darren
-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: Friday, March 29, 2002 6:22 AM
To: darren
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Follow TCP kept hanging on SMTP session
On Thu, Mar 28, 2002 at 09:00:11PM +0800, darren wrote:
> I got this particular SMTP session that I captured with Ethereal and
> kept hanging it when I tried to "Follow TCP Stream".
>
> I tried it with both 0.9.1 in WinXP and 0.9.2 in RedHat 7.2 and it
> crashed the prog (ethereal) in both cases.
Hang, or crash? ("Crash" means "died with a signal"; "hang" means "got
stuck forever".)
Does it also hang, or crash, if, for example, you try applying the
display filter "smtp"? If so, there's probably a bug in some dissector;
we'd either need a copy of the capture file, or a stack trace (if it's a
hang rather than a crash, try running Ethereal from the command line on
Linux, and typing control-backslash on Linux in the terminal window when
it hangs; that should force a crash) in order to start trying to debug
it.
> Also, TCPFlow, which claims it can reconstruct libpcap files cannot seem
> to be able to recon some of ethereal files saved as tcpdump format,
> error was, unknown file format. Any clues?
"Unknown file format", or "bad dump file format"?
I'd probably have to see the capture file to see what the problem is.