I believe I have run across a bug with tethereal but wanted
to make sure. I use tethereal to capture
VoIP traffic (SIP in this case) and then use the -v
functions for statistics.
I have run into a situation where tethereal will
segmentation fault when SIP traffic is using port number
5062. When using 5060 everything is fine.
Here is my setup:
tethereal 0.10.3
Compiled with GLib 2.4.0, with libpcap 0.8.3, with libz 1.2.1.1,
without libpcre, with Net-SNMP 5.1.1, without ADNS.
NOTE: this build does not support the "matches" operator for Ethereal
filter
syntax.
Running with libpcap version
0.8.3 on Linux 2.6.5-1.358smp.
I am capturing data using the following command:
tethereal -i eth0 -f "host 172.19.38.5" -c 100000
-w /home/mjacobs/file.eth
When I then run tethereal for statistics, I can get the IP
conversation stats fine with:
tethereal -r /home/mjacobs/file.eth -z conv,ip
But when I run the two following commands I get segmentation
faults:
tethereal -r /home/mjacobs/file.eth -z io,phs
tethereal -r /home/mjacobs/file.eth -z io,sat,1,
"ip.src="">
Since I had run this version for quite some time capturing
millions of packets, I was quite
surprised that this happened. I then realized that the
SIP traffic in this situation was
on port 5062. So I did two captures:
tethereal -i eth0 -f "host 172.19.38.5 and not port
5062" -w nobug.eth
tethereal -i eth0 -f "host 172.19.38.5 and port
5062" -w bug.eth
Running the above -z commands, all work on the file that
excludes port 5062 and I get
segmentation faults with only port 5062.
I have attached two files in a gzipped tar file called
bug.eth and nobug.eth. Each is 100 packets long
that shows this behavior.
If this does seem to be a legitimate bug I will be happy to
enter it, but would ask if there is any
other pertinent information I would need to add that would
help please let me know what that would
be.
Regards,
Mike
