Ethereal-dev: [Ethereal-dev] Packets causing core dump

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "King, Brian" <brian.king@xxxxxxxxx>
Date: Fri, 15 Jun 2001 13:28:23 -0300
Title: Packets causing core dump

These packets were captured using "snoop" on Solaris 7 (5.7 Generic_106541-16 sun4u sparc SUNW,Ultra-4).

<<packets.snoop>>

I'm trying to read them using tethereal on another solaris 7 box (5.7 Generic_106541-06 sun4m sparc SUNW,SPARCstation-20). I can read them with snoop and they decode as RPC packets, but tethereal core dumps when it has to examine anything deeper than the headers.

e.g.
# tethereal -r packets.snoop
  1   0.000000 142.139.24.56 -> 142.139.24.63 Portmap V2 CALLIT Call XID 0x3b2acf82
  2   0.002097 142.139.24.55 -> 142.139.24.56 UDP Source port: 32771  Destination port: 46829
  3   3.180238 142.139.24.56 -> 142.139.24.63 Portmap V2 CALLIT Call XID 0x3b2acf82 dup XID 0x3b2acf82
  4   3.182724 142.139.24.55 -> 142.139.24.56 UDP Source port: 32771  Destination port: 46829
  5   9.207445 142.139.24.56 -> 142.139.24.55 Portmap V2 GETPORT Call XID 0x3b309588
  6   9.208690 142.139.24.55 -> 142.139.24.56 Portmap V2 GETPORT Reply XID 0x3b309588
  7 1038.853750 142.139.24.56 -> 142.139.24.55 UDP Source port: 32771  Destination port: 55238
  8 1041.849956 142.139.24.56 -> 142.139.24.55 UDP Source port: 32771  Destination port: 55238
  9 1047.849688 142.139.24.55 -> 142.139.24.56 Portmap V2 GETPORT Call XID 0x3b29c1d7
 10 1047.850153 142.139.24.56 -> 142.139.24.55 Portmap V2 GETPORT Reply XID 0x3b29c1d7
# tethereal -Vr packets.snoop
** ERROR **: file proto.c: line 998 (proto_tree_add_string): assertion failed: (hfinfo->type == FT_STRING)
aborting...
Abort (core dumped)

# tethereal -xr packets.snoop
  1   0.000000 142.139.24.56 -> 142.139.24.63 Portmap V2 CALLIT Call XID 0x3b2acf82

   0  ffff ffff ffff 0800 20b1 5573 0800 4500   ........ .Us..E.
  10  0078 7625 4000 0111 b5c2 8e8b 1838 8e8b   .xv%@........8..
  20  183f b6ed 006f 0064 671e 3b2a cf82 0000   .?...o.dg.;*....
  30  0000 0000 0002 0001 86a0 0000 0002 0000   ................
  40  0005 0000 0001 0000 0024 3b29 fbcd 0000   .........$;)....
  50  000d 534e 422d 4654 4f4e 2d57 4542 3900   ..SNB-FTON-WEB9.
  60  0000 0000 0000 0000 0000 0000 0000 0000   ................
  70  0000 0000 0000 0005 f3dd 0000 0002 0000   ................
  80  0000 0000 0000                            ......
....

In case it helps, I've also attached the text output of "snoop -vi packets.snoop".

<<packets.snoop.txt>>

tethereal was compiled without ethereal, and the version information is:
# tethereal -v
tethereal 0.8.18, with GLib 1.2.3, with libpcap 0.4, with libz 1.1.3, without SNMP


----------------------------------------------------------------------------

This communication (including all attachments) is intended solely for the
use of the person or persons to whom it is addressed and should be treated
as a  confidential xwave communication.  If you are not the intended
recipient, any use, distribution, printing, or copying of this email is
strictly prohibited.  If you received this email in error, please
immediately delete it from your system and notify the originator.  Your
cooperation is appreciated.

Attachment: packets.snoop
Description: Binary data

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 1 arrived at 9:13:1.20
ETHER:  Packet size = 134 bytes
ETHER:  Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER:  Source      = 8:0:20:b1:55:73, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 120 bytes
IP:   Identification = 30245
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 1 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = b5c2
IP:   Source address = 142.139.24.56, 142.139.24.56
IP:   Destination address = 142.139.24.63, 142.139.24.63
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 46829
UDP:  Destination port = 111 (Sun RPC)
UDP:  Length = 100 
UDP:  Checksum = 671E 
UDP:  
RPC:  ----- SUN RPC Header -----
RPC:  
RPC:  Transaction id = 992661378
RPC:  Type = 0 (Call)
RPC:  RPC version = 2
RPC:  Program = 100000 (PMAP), version = 2, procedure = 5
RPC:  Credentials: Flavor = 1 (Unix), len = 36 bytes
RPC:     Time = 15-Jun-01 12:13:01
RPC:     Hostname = SNB-FTON-WEB9
RPC:     Uid = 0, Gid = 0
RPC:     Groups = (none)
RPC:  Verifier   : Flavor = 0 (None), len = 0 bytes
RPC:  
PMAP:  ----- Portmapper -----
PMAP:  
PMAP:  Proc = 5 (Indirect call)
PMAP:  Program = 390109 (?)
PMAP:  Version = 2
PMAP:  Proc    = 0
PMAP:  Callit data = 0 bytes
PMAP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 2 arrived at 9:13:1.20
ETHER:  Packet size = 74 bytes
ETHER:  Destination = 8:0:20:b1:55:73, Sun
ETHER:  Source      = 8:0:20:b1:55:77, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 60 bytes
IP:   Identification = 31097
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = b4b1
IP:   Source address = 142.139.24.55, 142.139.24.55
IP:   Destination address = 142.139.24.56, 142.139.24.56
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 32771
UDP:  Destination port = 46829 (Sun RPC)
UDP:  Length = 40 
UDP:  Checksum = 6D22 
UDP:  
RPC:  ----- SUN RPC Header -----
RPC:  
RPC:  Transaction id = 992661378
RPC:  Type = 1 (Reply)
RPC:  This is a reply to frame 1
RPC:  Status = 0 (Accepted)
RPC:  Verifier   : Flavor = 0 (None), len = 0 bytes
RPC:  Accept status = 0 (Success)
RPC:  
PMAP:  ----- Portmapper -----
PMAP:  
PMAP:  Proc = 5 (Indirect call)
PMAP:  Port = 855
PMAP:  Length = 0 bytes
PMAP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 3 arrived at 9:13:4.38
ETHER:  Packet size = 134 bytes
ETHER:  Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER:  Source      = 8:0:20:b1:55:73, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 120 bytes
IP:   Identification = 30246
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 1 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = b5c1
IP:   Source address = 142.139.24.56, 142.139.24.56
IP:   Destination address = 142.139.24.63, 142.139.24.63
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 46829
UDP:  Destination port = 111 (Sun RPC)
UDP:  Length = 100 
UDP:  Checksum = 671E 
UDP:  
RPC:  ----- SUN RPC Header -----
RPC:  
RPC:  Transaction id = 992661378
RPC:  Type = 0 (Call)
RPC:  RPC version = 2
RPC:  Program = 100000 (PMAP), version = 2, procedure = 5
RPC:  Credentials: Flavor = 1 (Unix), len = 36 bytes
RPC:     Time = 15-Jun-01 12:13:01
RPC:     Hostname = SNB-FTON-WEB9
RPC:     Uid = 0, Gid = 0
RPC:     Groups = (none)
RPC:  Verifier   : Flavor = 0 (None), len = 0 bytes
RPC:  
PMAP:  ----- Portmapper -----
PMAP:  
PMAP:  Proc = 5 (Indirect call)
PMAP:  Program = 390109 (?)
PMAP:  Version = 2
PMAP:  Proc    = 0
PMAP:  Callit data = 0 bytes
PMAP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 4 arrived at 9:13:4.38
ETHER:  Packet size = 74 bytes
ETHER:  Destination = 8:0:20:b1:55:73, Sun
ETHER:  Source      = 8:0:20:b1:55:77, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 60 bytes
IP:   Identification = 31100
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = b4ae
IP:   Source address = 142.139.24.55, 142.139.24.55
IP:   Destination address = 142.139.24.56, 142.139.24.56
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 32771
UDP:  Destination port = 46829 (Sun RPC)
UDP:  Length = 40 
UDP:  Checksum = 6D22 
UDP:  
RPC:  ----- SUN RPC Header -----
RPC:  
RPC:  Transaction id = 992661378
RPC:  Type = 1 (Reply)
RPC:  This is a reply to frame 1
RPC:  Status = 0 (Accepted)
RPC:  Verifier   : Flavor = 0 (None), len = 0 bytes
RPC:  Accept status = 0 (Success)
RPC:  
PMAP:  ----- Portmapper -----
PMAP:  
PMAP:  Proc = 5 (Indirect call)
PMAP:  Port = 855
PMAP:  Length = 0 bytes
PMAP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 5 arrived at 9:13:10.41
ETHER:  Packet size = 98 bytes
ETHER:  Destination = 8:0:20:b1:55:77, Sun
ETHER:  Source      = 8:0:20:b1:55:73, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 84 bytes
IP:   Identification = 62677
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 393d
IP:   Source address = 142.139.24.56, 142.139.24.56
IP:   Destination address = 142.139.24.55, 142.139.24.55
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 887
UDP:  Destination port = 111 (Sun RPC)
UDP:  Length = 64 
UDP:  Checksum = 62B6 
UDP:  
RPC:  ----- SUN RPC Header -----
RPC:  
RPC:  Transaction id = 993039752
RPC:  Type = 0 (Call)
RPC:  RPC version = 2
RPC:  Program = 100000 (PMAP), version = 2, procedure = 3
RPC:  Credentials: Flavor = 0 (None), len = 0 bytes
RPC:  Verifier   : Flavor = 0 (None), len = 0 bytes
RPC:  
PMAP:  ----- Portmapper -----
PMAP:  
PMAP:  Proc = 3 (Get port number)
PMAP:  Program = 390109 (?)
PMAP:  Version = 2
PMAP:  Protocol = 6 (TCP)
PMAP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 6 arrived at 9:13:10.41
ETHER:  Packet size = 70 bytes
ETHER:  Destination = 8:0:20:b1:55:73, Sun
ETHER:  Source      = 8:0:20:b1:55:77, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 56 bytes
IP:   Identification = 31106
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = b4ac
IP:   Source address = 142.139.24.55, 142.139.24.55
IP:   Destination address = 142.139.24.56, 142.139.24.56
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 111
UDP:  Destination port = 887 (Sun RPC)
UDP:  Length = 36 
UDP:  Checksum = DA2D 
UDP:  
RPC:  ----- SUN RPC Header -----
RPC:  
RPC:  Transaction id = 993039752
RPC:  Type = 1 (Reply)
RPC:  This is a reply to frame 5
RPC:  Status = 0 (Accepted)
RPC:  Verifier   : Flavor = 0 (None), len = 0 bytes
RPC:  Accept status = 0 (Success)
RPC:  
PMAP:  ----- Portmapper -----
PMAP:  
PMAP:  Proc = 3 (Get port number)
PMAP:  Port = 851
PMAP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 7 arrived at 9:30:20.05
ETHER:  Packet size = 74 bytes
ETHER:  Destination = 8:0:20:b1:55:77, Sun
ETHER:  Source      = 8:0:20:b1:55:73, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 60 bytes
IP:   Identification = 57533
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 4d6d
IP:   Source address = 142.139.24.56, 142.139.24.56
IP:   Destination address = 142.139.24.55, 142.139.24.55
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 32771
UDP:  Destination port = 55238 (Sun RPC)
UDP:  Length = 40 
UDP:  Checksum = AA35 
UDP:  
RPC:  ----- SUN RPC Header -----
RPC:  
RPC:  Transaction id = 992571834
RPC:  Type = 1 (Reply)
RPC:  Status = 0 (Accepted)
RPC:  Verifier   : Flavor = 0 (None), len = 0 bytes
RPC:  Accept status = 0 (Success)

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 8 arrived at 9:30:23.05
ETHER:  Packet size = 74 bytes
ETHER:  Destination = 8:0:20:b1:55:77, Sun
ETHER:  Source      = 8:0:20:b1:55:73, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 60 bytes
IP:   Identification = 57537
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 4d69
IP:   Source address = 142.139.24.56, 142.139.24.56
IP:   Destination address = 142.139.24.55, 142.139.24.55
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 32771
UDP:  Destination port = 55238 (Sun RPC)
UDP:  Length = 40 
UDP:  Checksum = AA35 
UDP:  
RPC:  ----- SUN RPC Header -----
RPC:  
RPC:  Transaction id = 992571834
RPC:  Type = 1 (Reply)
RPC:  Status = 0 (Accepted)
RPC:  Verifier   : Flavor = 0 (None), len = 0 bytes
RPC:  Accept status = 0 (Success)

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 9 arrived at 9:30:29.05
ETHER:  Packet size = 98 bytes
ETHER:  Destination = 8:0:20:b1:55:73, Sun
ETHER:  Source      = 8:0:20:b1:55:77, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 84 bytes
IP:   Identification = 31563
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = b2c7
IP:   Source address = 142.139.24.55, 142.139.24.55
IP:   Destination address = 142.139.24.56, 142.139.24.56
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 918
UDP:  Destination port = 111 (Sun RPC)
UDP:  Length = 64 
UDP:  Checksum = 364F 
UDP:  
RPC:  ----- SUN RPC Header -----
RPC:  
RPC:  Transaction id = 992592343
RPC:  Type = 0 (Call)
RPC:  RPC version = 2
RPC:  Program = 100000 (PMAP), version = 2, procedure = 3
RPC:  Credentials: Flavor = 0 (None), len = 0 bytes
RPC:  Verifier   : Flavor = 0 (None), len = 0 bytes
RPC:  
PMAP:  ----- Portmapper -----
PMAP:  
PMAP:  Proc = 3 (Get port number)
PMAP:  Program = 390109 (?)
PMAP:  Version = 2
PMAP:  Protocol = 6 (TCP)
PMAP:  

ETHER:  ----- Ether Header -----
ETHER:  
ETHER:  Packet 10 arrived at 9:30:29.05
ETHER:  Packet size = 70 bytes
ETHER:  Destination = 8:0:20:b1:55:77, Sun
ETHER:  Source      = 8:0:20:b1:55:73, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:  
IP:   ----- IP Header -----
IP:   
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 56 bytes
IP:   Identification = 57541
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 4d69
IP:   Source address = 142.139.24.56, 142.139.24.56
IP:   Destination address = 142.139.24.55, 142.139.24.55
IP:   No options
IP:   
UDP:  ----- UDP Header -----
UDP:  
UDP:  Source port = 111
UDP:  Destination port = 918 (Sun RPC)
UDP:  Length = 36 
UDP:  Checksum = ADE9 
UDP:  
RPC:  ----- SUN RPC Header -----
RPC:  
RPC:  Transaction id = 992592343
RPC:  Type = 1 (Reply)
RPC:  This is a reply to frame 9
RPC:  Status = 0 (Accepted)
RPC:  Verifier   : Flavor = 0 (None), len = 0 bytes
RPC:  Accept status = 0 (Success)
RPC:  
PMAP:  ----- Portmapper -----
PMAP:  
PMAP:  Proc = 3 (Get port number)
PMAP:  Port = 816
PMAP: