> On occasion, I can't open Sniffer trace files with Ethereal. The
> application goes into a Not Responding mode and the trace never loads. Does
> anyone have any suggestions or ideas on this?

Idea 1: Ethereal might be temporarily blocked trying to do a translation
of an IP address to a host name, in which case it'll *eventually* load
the trace.

If you run Ethereal with the "-n" command-line flag, or turn off the
"Enable network name resolution" option from the "Open Capture File"
dialog box, that will clear up that problem. If that doesn't clear it
up, the problem is probably not a name resolution.

Idea 2: the problem might have nothing to do with the code to read
Sniffer files, and might just be a bug in an Ethereal dissector where
the dissector loops infinitely, in which case a native (libpcap) trace,
or a snoop trace, or... containing packets of the sort that trigger the
bug would show the same problem.

In that case, we wouldn't be able to diagnose the problem without
knowing where Ethereal is looping. This would require either that

	1) we get a copy of one of the trace files that Ethereal can't
	   open

or

	2) we get a stack trace of Ethereal, which could be done by
	   attaching a debugger to it *IF* you have an appropriate
	   debugger (gdb or other native debugger for various flavors of
	   UNIX including Linux and the BSDs, Microsoft Visual C++'s
	   debugger for Windows) *and* have a version of Ethereal with a
	   debugger symbol table (which you might not have if you
	   installed a binary package of Ethereal).

Idea 3: there might be a bug in the Sniffer file reading code that
causes such a loop. In this case, we *might* be able to find it by
reading the code, but the suggestions from idea 2 would probably help.
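
An added example, not part of the original message and not Ethereal code: one way to turn the stack traces from option 2 into "where Ethereal is looping" is to take several backtraces a few seconds apart (for instance with `gdb -p PID -batch -ex bt`) and find the innermost frame that appears in all of them. The backtraces and every function and file name below are constructed for illustration.

```python
import re
from typing import List, Optional

# gdb frame lines look like "#1  0x... in func (args) at file.c:12" or
# "#0  func (args) at file.c:12"; "??" appears when symbols are missing.
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+\s+in\s+)?([^\s(]+)\s*\(")

def parse_backtrace(text: str) -> List[str]:
    """Return the function names of one backtrace, outermost (main) first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(m.group(1))
    return frames[::-1]

def loop_frame(samples: List[str]) -> Optional[str]:
    """Innermost frame shared by every sample, i.e. the call that never returns."""
    stacks = [parse_backtrace(s) for s in samples]
    if not stacks or not all(stacks):
        return None  # no samples, or a sample with no recognisable frames
    common = None
    for frames in zip(*stacks):  # walk outward-in while all samples agree
        if len(set(frames)) != 1:
            break
        common = frames[0]
    return common

# Constructed samples (hypothetical names), as if taken from one hung process.
SAMPLES = [
    """#0  0x0000000000401a10 in helper_read_byte (p=0x1) at helper.c:10
#1  0x0000000000402b20 in dissect_example_proto (tvb=0x1) at packet-example.c:120
#2  0x0000000000403c30 in read_capture_file_example (cf=0x2) at file-example.c:300
#3  0x0000000000404d40 in main (argc=2, argv=0x3) at main-example.c:50""",
    """#0  0x0000000000401f00 in helper_check_length (p=0x1) at helper.c:42
#1  0x0000000000402b58 in dissect_example_proto (tvb=0x1) at packet-example.c:124
#2  0x0000000000403c30 in read_capture_file_example (cf=0x2) at file-example.c:300
#3  0x0000000000404d40 in main (argc=2, argv=0x3) at main-example.c:50""",
    """#0  dissect_example_proto (tvb=0x1) at packet-example.c:118
#1  0x0000000000403c30 in read_capture_file_example (cf=0x2) at file-example.c:300
#2  0x0000000000404d40 in main (argc=2, argv=0x3) at main-example.c:50""",
]

if __name__ == "__main__":
    print("loop is in or below:", loop_frame(SAMPLES))
```

A result of `??` means the backtraces carry no function names, which is the missing symbol table case the message warns about.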