Ethereal-users: RE: [Ethereal-users] Follow TCP kept hanging on SMTP session

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "darren" <teodarren@xxxxxxxxx>
Date: Sun, 31 Mar 2002 21:39:51 +0800
Hi all,

My problem with following SMTP is solved after I upgraded from 0.9.1 to
0.9.2.

The program (0.9.1) exits every time I do a filter with "smtp".

As for the TCPFlow prob, its solved now, TCPFlow does not support
802.11, so I added an extra handler for it (ugly patch).

I was wondering if future releases of Ethereal will support message
reconstruction and packet assembly. I do lots of traffic troubleshooting
and have to switch btn Ethereal and TCPflow all the time.

Regards
darren
-----Original Message-----
From: ethereal-users-admin@xxxxxxxxxxxx
[mailto:ethereal-users-admin@xxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Saturday, March 30, 2002 5:42 AM
To: darren
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Follow TCP kept hanging on SMTP session

On Fri, Mar 29, 2002 at 11:35:04PM +0800, darren wrote:
> The proggie crashed while following the session (exited in linux, and
> caused a "bad instruction at 0xXXX in WinXP).

Do you mean "exited", or do you mean "dumped core"?

I.e., if you run it from a shell prompt in, say, an xterm, do you get a
"core dumped" message?

> Is TCPFlow suppose to work with ethereal files?

"Ethereal files" are just supposed to be standard tcpdump files.

Note that

	1) that's *standard* tcpdump files, not the non-standard ones
	   used on some flavors of Linux - but the libpcap on those
	   flavors of Linux should, in most cases, be able to read
	   standard tcpdump files as well as non-standard ones - or
	   generated by some Nokia devices;

	2) there *is* a bug in Ethereal 0.9.2 that causes it to generate
	   tcpdump files with a snapshot length of 0, which may cause
	   problems with running packet filters on those files, but
	   shouldn't cause them to be reported as a "bad dump file
	   format".

> Any particular things to take note of while saving?

Just make sure you save them in "libpcap (tcpdump, Ethereal, etc.)"
format.

> It did not work with all my ethereal files (not just this one with the
> SMTP prob).

Then I'd need to see one of those files to see why it might not be
readable by some applications that read tcpdump files.

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com