[Gerald Combs <gerald@xxxxxxxx>]

On Sun, 2 Jan 2000, Guy Harris wrote:

> > (and i'm positive that the frames are traversing the interface i'm
> > tracing,  they show up in tcpdump, for example)
> 
> What happens if you build tcpdump with the version of libpcap with which
> Ethereal is linked?  Does it show those frames?

I can duplicate this behavior by running Ethereal remotely.  In each
case below, Ethereal is being run on the remote machine, and displayed
locally using X-over-ssh.  The remote Linux machine is running RedHat 6.1.

- While running on a remote Linux machine with an unpatched libpcap
  Ethereal freezes.  'strace' shows the program hanging on a recvfrom()
  on the capture socket.

- Under Linux with a patched libpcap Ethereal is responsive, but no
  packets show up in the statistics window.  'strace' shows that each
  call to select() on the capture socket returns 0.

- Remote Solaris and OpenBSD sessions behave normally.

- When I add a capture filter to exclude the host name and port number
  in $SSH_CLIENT, everything works as expected.

- At the time the problem with Ethereal is occurring, tcpdump appears
  to capture packets just fine.

The problem doesn't appear to be limited to remote sessions.  Another user
indicated in private email that he sees the same thing while running
locally.

I'm stumped at this point.