All,
I wish I could give you the capture file that causes this...but there's sensitive data in it. There wasn't anything out of the ordinary in terms of network traffic, just some DHCP, ICMP, ARP, DNS & HTTP traffic. The file is about 460k long, shorter files don't appear to cause the same problem.
Here are the interesting pieces of data that I collected with the file:
- statistics of the file are included in the attached hanging_capture_summary.jpg
- capture was done with 0.9.0.9 ethereal with a windows box running the latest pcap s/w (winpcap 3.0)
- hang seems to occur much more often when ethereal is started
- opening the file without mac name resolution doesn't cause ethereal to hang
- if I remove the 2 ARP's (display filter: !arp, then save only displayed packets,then close ethereal & re-open with the new "arp-less" file) ethereal doesn't hang (the two arp's are attached as 2arp.pcap, they were packets # 920 & 921 of 958 total packets)
- removing colorizing filters doesn't change the behavior
I did however capture the following network traffic which would appear to be generated by ethereal causing it to hang. These attempts are quite fast and consume the processor on my windows 2k box (latest SP's installed).
Please let me know if there's any additional tests that you'd like me to perform with this file.
Regards,
Dale Schaafsma
attached files:
Attachment:
hanging_capture_summary.jpg
Description: JPEG image
Attachment:
2arp.pcap
Description: Binary data
Attachment:
traffic_while_hung.pcap
Description: Binary data