I believe I found a bug that causes ethereal or tethereal to crash on
a certain packet. Here's the error message:
** ERROR **: file proto.c: line 998 (proto_tree_add_string): assertion
failed: (hfinfo->type == FT_STRING)
aborting...
Abort
The error is totally repeatable, and I think the same thing happens
in ethereal as well, but you just don't get to see the assertion
message.
With ethereal, the packet loads okay unless you're using a filter, or
click on that particular packet. With tethereal, the packet gets
displayed okay unless you're using a filter or '-V' mode.
Here's the tethereal output of the problem frame:
56808 12:49:51.5103 142 earth-1 -> 10.146.1.255 Portmap 1035 sunrpc
V2 CALLIT Call XID 0x26c4c85d
I was able to use tcpdump to extract this packet from the rest of my
trace. Then I confirmed that tethereal would still crash when asked to
display this packet with the '-V' option. It did. So, I believe I can
state the packet below dumped below will crash [t]ethereal.
12:49:51.510365 10.146.1.217.1035 > 10.146.1.255.111: udp 100 (ttl 64,
id 32342, len 128)
0x0000
4500 0080 7e56 0000 4011 e31b 0a92 01d9 E...~V..@.......
0x0010
0a92 01ff 040b 006f 006c b2dd 26c4 c85d .......o.l..&..]
0x0020
0000 0000 0000 0002 0001 86a0 0000 0002 ................
0x0030
0000 0005 0000 0001 0000 001c 3b3c dbdf ............;<..
0x0040
0000 0005 6561 7274 6800 0000 0000 0000 ....earth.......
0x0050
0000 0000 0000 ......
The host is RedHat 7.0, and here's the version info.
> tethereal -version
tethereal 0.8.18, with GLib 1.2.8, with libpcap 0.6, with libz 1.1.3,
with UCD SNMP 4.1.2
Mark