Ethereal-users: [Ethereal-users] Capture file crashes Ethereal/Tethereal
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Cory Perry (SNL:434-951-7463)" <CPerry@xxxxxxx>
Date: Fri, 19 May 2006 09:19:49 -0400
I am trying to look
at a capture file but get the below error while trying to
load.
16:08:21 Err
file emem.c: line 244: assertion failed: (npc->buf != NULL)
I am using Ethereal:
0.99.0
Winpcap 3.1
(3.1.0.27)
I've also run file
through tethereal and it fails on frame 287577 with unspecified fatal error
encountered, aborting. This file is part of a group of files that are being
rotated via ring buffer. There are 2 files I am trying to look at from a
specific time frame, that get the above error. Files before and after load
ok.
Here is last frame
before error:
Frame 287577 (1304
bytes on wire, 1304 bytes captured)
Arrival Time: May 17, 2006 16:26:32.946091000
Time delta from previous packet: 0.000108000 seconds
Time since reference or first frame: 131.019467000 seconds
Frame Number: 287577
Packet Length: 1304 bytes
Capture Length: 1304 bytes
Protocols in frame: eth:ip:tcp
Ethernet II, Src: xx:yy:ww:10:55:ab (xx:yy:ww:10:55:ab), Dst: xx:zz:1a:f5:26:c3 (xx:zz:vv:f5:26:c3)
Destination: xx:zz:vv:f5:26:c3 (xx:zz:vv:f5:26:c3)
Address: xx:zz:vv:f5:26:c3 (xx:zz:vv:f5:26:c3)
.... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
.... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address
Source: xx:yy:ww:10:55:ab (xx:yy:ww:10:55:ab)
Address: xx:yy:ww:10:55:ab (xx:yy:ww:10:55:ab)
.... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
.... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address
Type: IP (0x0800)
Internet Protocol, Src: x.y.z.130 (x.y.z.130), Dst: u.v.w.142 (u.v.w.142)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1290
Identification: 0xb8b6 (47286)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x42d2 [correct]
Good: True
Bad : False
Source: x.y.z.130 (x.y.z.130)
Destination: u.v.w.142 (u.v.w.142)
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 30451 (30451), Seq: 3756782, Ack: 4722, Len: 1250
Source port: 80 (80)
Destination port: 30451 (30451)
Sequence number: 3756782 (relative sequence number)
Next sequence number: 3758032 (relative sequence number)
Acknowledgement number: 4722 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64923
Checksum: 0x6162 [correct]
TCP segment data (1250 bytes)
Arrival Time: May 17, 2006 16:26:32.946091000
Time delta from previous packet: 0.000108000 seconds
Time since reference or first frame: 131.019467000 seconds
Frame Number: 287577
Packet Length: 1304 bytes
Capture Length: 1304 bytes
Protocols in frame: eth:ip:tcp
Ethernet II, Src: xx:yy:ww:10:55:ab (xx:yy:ww:10:55:ab), Dst: xx:zz:1a:f5:26:c3 (xx:zz:vv:f5:26:c3)
Destination: xx:zz:vv:f5:26:c3 (xx:zz:vv:f5:26:c3)
Address: xx:zz:vv:f5:26:c3 (xx:zz:vv:f5:26:c3)
.... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
.... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address
Source: xx:yy:ww:10:55:ab (xx:yy:ww:10:55:ab)
Address: xx:yy:ww:10:55:ab (xx:yy:ww:10:55:ab)
.... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
.... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address
Type: IP (0x0800)
Internet Protocol, Src: x.y.z.130 (x.y.z.130), Dst: u.v.w.142 (u.v.w.142)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1290
Identification: 0xb8b6 (47286)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x42d2 [correct]
Good: True
Bad : False
Source: x.y.z.130 (x.y.z.130)
Destination: u.v.w.142 (u.v.w.142)
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 30451 (30451), Seq: 3756782, Ack: 4722, Len: 1250
Source port: 80 (80)
Destination port: 30451 (30451)
Sequence number: 3756782 (relative sequence number)
Next sequence number: 3758032 (relative sequence number)
Acknowledgement number: 4722 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64923
Checksum: 0x6162 [correct]
TCP segment data (1250 bytes)
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
C:\Program Files\Ethereal>
Here is the cap file
info.
C:\Program
Files\Ethereal>capinfos DMZCoLo_01973_20060517162537.cap
File name: DMZCoLo_01973_20060517162537.cap
File type: libpcap (tcpdump, Ethereal, etc.)
Number of packets: 840954
File size: 512000911 bytes
Data size: 498545623 bytes
Capture duration: 358.540650 seconds
Start time: Wed May 17 16:24:21 2006
End time: Wed May 17 16:30:20 2006
Data rate: 1390485.63 bytes/s
Data rate: 11123885.07 bits/s
Average packet size: 592.83 bytes
File name: DMZCoLo_01973_20060517162537.cap
File type: libpcap (tcpdump, Ethereal, etc.)
Number of packets: 840954
File size: 512000911 bytes
Data size: 498545623 bytes
Capture duration: 358.540650 seconds
Start time: Wed May 17 16:24:21 2006
End time: Wed May 17 16:30:20 2006
Data rate: 1390485.63 bytes/s
Data rate: 11123885.07 bits/s
Average packet size: 592.83 bytes
System XP Pro
SP2
3 GB
memory
Dual Xeon 3.0
GHz
________________
David "Cory"
Perry
Network Engineer III
SNL Financial LC
434-951-7463 p
cperry@xxxxxxx
_______________________________________________ Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-users
- Follow-Ups:
- Re: [Ethereal-users] Capture file crashes Ethereal/Tethereal
- From: Jaap Keuter
- Re: [Ethereal-users] Capture file crashes Ethereal/Tethereal
- Prev by Date: RE: [Ethereal-users] Replacing Mailing-List by Forum !!
- Next by Date: [Ethereal-users] question regarding skinny protocol version
- Previous by thread: RE: [Ethereal-users] Replacing Mailing-List by Forum !!
- Next by thread: Re: [Ethereal-users] Capture file crashes Ethereal/Tethereal
- Index(es):