Wireshark-bugs: [Wireshark-bugs] [Bug 1263] New: Wireshark crashes while capturing packets

Date: Thu, 7 Dec 2006 15:22:58 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1263

           Summary: Wireshark crashes while capturing packets
           Product: Wireshark
           Version: 0.99.4
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: High
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: cgf671@xxxxxxxxx


Build Information:
Version 0.99.4 (SVN Rev 19757)

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown), with
libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua 5.1,
with
GnuTLS 1.5.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio <= V18, with
AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 3.1
(packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x], without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804
--
While trying to run captures on 2 seperate XP SP2 PC's, I have this issue:  in
a DOS screen (box) - 
16:07:05          Err  file emem.c: line 291: assertion failed: (npc->buf !=
NULL)

Press any key to exit

Then in a windows dialog box - 
C++ runtime error
this application has requested the Runtime to terminate it in an unusual way.
Please contact the app support team.

This happens everytime I start a new capture.  Anywhere from 5 to 20 minutes
into the capture.  We have a high priority app that is experiencing slowness,
so we are attempting to run captures with these parameters:  100 meg file size,
overwrite after 100 files, filtering out ports 22, 3389, 5800, 5900, 4044, and
4045.  We want these caps to run for a while so that we can go back to them
when the report of trouble comes along - instead of scrambling to get something
running when the report comes in.  While not really relevant to solving the
issue, just background as to why we have the cap's set up that way.

These are freshly built(installed) PC's (all 3 by me), only XP SP2 and all
current critical updates and wireshark have been installed.  The drives were
formatted and repartitoned before installing the OS.  They have 2 NIC's - one
for us to RDP into and the other is the monitor port for a Cisco SPAN session. 
There are actually 3 PC's for this purpose - the 3rd is working fine.

I can provide (or at least do my best) any other info you need - I just don't
know what to send right now.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.