"Visser, Martin (SNO)" wrote:
>
> Hi,
>
> The Ethereal 0.8.16 Win32 binary seems to be a bit unstable. I am getting
> exceptions sometimes. It seems to be when I capture with real-time display,
> but also I have had it when Ethereal loads the capture after stopping. (I
> loaded the new WinPcap but it has the same symptoms).
>
> Anyway, here's what DrWatson thinks of it ->
>
>
> function: <nosymbols>
> 0052feab d1e0 shl eax,1
> 0052fead a3e8226200 mov [006222e8],eax

Unfortunately the win32 binary doesn't have any symbols in it, so
this info doesn't help very much. (Why do I do things like that!)
I can build a debug version of the win32 binary this weekend.
However, if you want to debug this problem sooner, and if you can
capture on a network that has no sensitive information:
1. Capture some packets, w/o analyzing them:
   tethereal.exe -w output.cap -c 1000 (or whatever count you want)
2. Load the file in Ethereal:
   ethereal.exe -r output.cap
3. Repeat 1 & 2 until you get a file that crashes Ethereal. Send us the file.
or, to lessen the chance of capturing sensitive information:
4. Run tethereal -V on the file to find the last packet that was analyzed before the crash.
5. Use editcap to extract this packet *after* this packet (or a small group of packets on either side of the last packet, just to make sure).
6. Test Ethereal on this new, smaller file.
7. If it crashes Ethereal, try to view the contents of this file with 'strings' or any hexdump-type program. If it contains no private information, send it to us.
--gilbert
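
Steps 5 and 7 above, sketched as an added example (not part of the original message and not Ethereal project code): a Python stand-in for editcap and strings that keeps a few packets around the last analyzed one and lists the printable text still present in them. It assumes a classic libpcap-format file; the function names and the sample capture are constructed for illustration.

```python
import re
import struct

def read_pcap(data):
    """Return (24-byte global header, list of raw records incl. 16-byte record header)."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"            # file written little-endian
    elif magic == 0xD4C3B2A1:
        endian = ">"            # file written big-endian
    else:
        raise ValueError("not a classic libpcap file")
    records, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        end = off + 16 + incl_len
        if end > len(data):
            break               # final record cut short (capture died mid-write): drop it
        records.append(data[off:end])
        off = end
    return data[:24], records

def slice_around(data, last_pkt, margin=2):
    """Keep packets last_pkt-margin .. last_pkt+margin (1-based packet numbers)."""
    header, records = read_pcap(data)
    lo = max(1, last_pkt - margin)
    hi = min(len(records), last_pkt + margin)
    return header + b"".join(records[lo - 1:hi])

def printable_strings(data, min_len=4):
    """Like strings(1), but only over packet payloads: review these before sharing."""
    _, records = read_pcap(data)
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    found = []
    for rec in records:
        found += [m.decode("ascii") for m in re.findall(pattern, rec[16:])]
    return found

def sample_capture():
    """Constructed 5-packet capture with made-up payloads (not real traffic)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    payloads = [b"\x00\x01pkt-one", b"\x02USER alice", b"\x03PASS hunter2",
                b"\xff\xfe\x00\x01", b"\x04pkt-five"]
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(p), len(p)) + p
                          for i, p in enumerate(payloads))

if __name__ == "__main__":
    small = slice_around(sample_capture(), last_pkt=3, margin=1)
    print(printable_strings(small))
```

Any string this reports from the reduced file is something the recipient of the capture will also be able to read.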