Ethereal-users: Re: [Ethereal-users] Follow TCP kept hanging on SMTP session

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 29 Mar 2002 13:41:37 -0800

On Fri, Mar 29, 2002 at 11:35:04PM +0800, darren wrote:
> The proggie crashed while following the session (exited in linux, and
> caused a "bad instruction at 0xXXX" in WinXP).

Do you mean "exited", or do you mean "dumped core"?

I.e., if you run it from a shell prompt in, say, an xterm, do you get a
"core dumped" message?

> Is TCPFlow supposed to work with ethereal files?

"Ethereal files" are just supposed to be standard tcpdump files.

Note that

	1) that's *standard* tcpdump files, not the non-standard ones
	   used on some flavors of Linux - but the libpcap on those
	   flavors of Linux should, in most cases, be able to read
	   standard tcpdump files as well as non-standard ones - or
	   generated by some Nokia devices;

	2) there *is* a bug in Ethereal 0.9.2 that causes it to generate
	   tcpdump files with a snapshot length of 0, which may cause
	   problems with running packet filters on those files, but
	   shouldn't cause them to be reported as a "bad dump file
	   format".

> Any particular things to take note of while saving?

Just make sure you save them in "libpcap (tcpdump, Ethereal, etc.)"
format.

> It did not work with all my ethereal files (not just this one with the
> SMTP prob).

Then I'd need to see one of those files to see why it might not be
readable by some applications that read tcpdump files.
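
The two header conditions discussed in the message above (a non-standard tcpdump variant and a snapshot length of 0) can be checked from the first 24 bytes of a capture file. This is an added example, not part of the original message or of Ethereal's code; the function names are hypothetical, the sample headers are constructed, and the magic number for the patched-Linux variant comes from the libpcap file format, not from this thread.

```python
import struct

# Magic numbers as seen when the header is read in the file's own byte order.
STANDARD_MAGIC = 0xA1B2C3D4  # standard libpcap/tcpdump file
MODIFIED_MAGIC = 0xA1B2CD34  # variant written by some patched Linux libpcaps
HEADER_FMT = "IHHiIII"       # magic, major, minor, thiszone, sigfigs, snaplen, linktype


def inspect_pcap_header(data):
    """Return (variant, snaplen, warnings) for a pcap global header."""
    if len(data) < 24:
        raise ValueError("truncated: pcap global header is 24 bytes")
    # The writer's byte order is unknown, so try little-endian, then big-endian.
    for endian in ("<", ">"):
        fields = struct.unpack(endian + HEADER_FMT, data[:24])
        if fields[0] in (STANDARD_MAGIC, MODIFIED_MAGIC):
            break
    else:
        raise ValueError("bad dump file format: unknown magic number")
    magic, snaplen = fields[0], fields[5]
    variant = "standard" if magic == STANDARD_MAGIC else "modified"
    warnings = []
    if variant == "modified":
        warnings.append("non-standard record headers; some readers reject this")
    if snaplen == 0:
        # Readable file, but filters may misbehave with a zero snapshot length.
        warnings.append("snapshot length is 0; packet filters may misbehave")
    return variant, snaplen, warnings


def make_header(magic=STANDARD_MAGIC, snaplen=65535, endian="<"):
    """Constructed sample header: version 2.4, link type 1 (Ethernet)."""
    return struct.pack(endian + HEADER_FMT, magic, 2, 4, 0, 0, snaplen, 1)


if __name__ == "__main__":
    samples = {
        "normal": make_header(),
        "snaplen 0": make_header(snaplen=0),
        "modified, big-endian": make_header(MODIFIED_MAGIC, endian=">"),
    }
    for label, header in samples.items():
        print(label, inspect_pcap_header(header))
```

To check a real capture, pass the first 24 bytes of the file, for example `inspect_pcap_header(open(path, "rb").read(24))`.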