On Wed, Oct 15, 2003 at 07:25:13PM -0700, Kaas, David D wrote:
> I connect from a Sun (2.6 or 2.7) to a Linux rehat 9 system. I start
> etheral (0.9.13) and the display opens on my sun workstation ok. I can
> start a capture but when I select Stop the capture windows closes and just
> after the packets start to appear in the ethereal windown that window also
> closes. At times another windows pops open for just a second, an error
> maybe, but closes to fast to read it. If I start a capture and selecte
> "Update list of packets in real time" both windows close as soon as the
> first packets appear.
"Windows close" usually means "Ethereal exits immediately", which
usually means "Ethereal crashes with a bad pointer dereference" or
something such as that.
If you're running Ethereal from the command line, are you getting any
"core dumped" messages?
> It runs ok if I run directly from the linux system console.
If you run it directly from the Linux console, you're running it on a
little-endian machine whose processor has no problem dereferencing
unaligned pointers. If you run it on the Sun - *regardless of whether
you're displaying to a remote machine or displaying on a Sun
workstation's console* - you're running it on a big-endian machine whose
processor traps (causing a signal that kills the process) when
dereferencing unaligned pointers.
I.e., this probably has nothing to do with whether the display is remote
or local, and everything to do with whether the machine on which you're
doing it can dereference unaligned pointers (or is big-endian, or is
running Solaris, or...) - if you had a Sun workstation on your desktop,
and were running Etheral on a Linux server, I suspect it wouldn't crash,
but would crash with the same traffic on your workstation. (The traffic
you're seeing might also be an issue - if the bug is in the dissector
for the XXX protocol, it'd show up only if you captured XXX protocol
traffic that triggered the bug.)
For better or worse, I suspect most Ethereal developers are working on
machines with x86 processors (which are little-endian processors that
have no problem dereferencing unaligned pointers), so bugs where
Ethereal derefereences unaligned pointers (or, less likely, doesn't do
the right byte-order-canonicalization) don't show up.
There may be files in "/tmp" or "/var/tmp" on your Sun with names
beginning with "ether" and having a bunch of letters and numbers after
them. Try reading those capture files in Ethereal; if the window
disappears when you try that, those files are capture files containing
packets that, due to Ethereal bugs, cause it to crash. If so, then, if
you could send us those files (note that they contain packets from your
network; try reading them on your Linux box instead, and, if you can
read them, see whether they contain any data you don't want us to read),
that'd help us try to find the bug.