On Oct 9, 2003, at 1:50 AM, Per Steinar Iversen wrote:
I am trying to use ethereal 0.9.15 to capture VoIP data, a RedHat 9
machine is connected to a spanned port on a Cisco 6509. This works well
though each packet seems to be seen twice. Ethereal identifies the
traffic
as ITU-T G.711 PCMA, that is correct. However if one uses
"Tools/Statistics/RTP analysis" then ethereal hangs for a while before
crashing, it leaves behind a file in /tmp that is always 2147483647
bytes
large, the name is typically something like
/tmp/ethereal_rtp_fwdXXXXNytvOO
Is this a known problem or limitation of ethereal?
There were, I think, some bugs in the RTP analysis code that caused
crashes.
The RTP analysis code was rewritten after 0.9.15 came out, and at least
some of those bugs might have been fixed as a result; as you're running
Linux, you might be more likely to have the tools necessary to compile
a CVS snapshot - try downloading a snapshot from
http://www.ethereal.com/distribution/nightly-builds/
(get the most recent one), unpack it, run "./autogen.sh", run
"configure", and run "make".
The RTP analysis code does create temporary files in some cases; if it
created the temporary file and crashed after that, the temporary file
would not be removed. It's interesting that the size is 2^31-1 bytes
long - that might be due to a bug wherein it was continuously writing
to the file (and, as it's not using Large File Summit API's, it might
be prevented from going past the 32-bit-signed-offset limit), or just
due to that limit.