Wireshark-bugs: [Wireshark-bugs] [Bug 5750] Error while capturing packets: read error: PacketRec

Date: Tue, 2 Aug 2011 09:17:45 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5750

Han Tacoma <htacoma@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |htacoma@xxxxxxxxxxx
           Platform|x86                         |x86-64
            Version|1.4.4                       |1.4.1
         OS/Version|Windows XP                  |Windows 7

--- Comment #3 from Han Tacoma <htacoma@xxxxxxxxxxx> 2011-08-02 09:17:41 PDT ---
(In reply to comment #2)
> This is probably a WinPcap problem; see, for example:
> 
>     http://www.winpcap.org/misc/faq.htm#Q-10
> 
> Note that the FAQ in question says
> 
>     Most of the times, the problem is caused by non-standard interactions
> between the firewall and the network stack of the OS, so there not a lot to do
> on our side; the suggested remedy consists in uninstalling the firewall. 
>     Note: *uninstalling*, and not *disabling*, because some firewalls (like
> ZoneAlarm) keep having strange behaviors even when they are disabled.
> 
> Try contacting the WinPcap developers:
> 
>     http://www.winpcap.org/bugs.htm
> 
> Give them all the details, including the information about Symantec Endpoint
> Protection.

I've been using ZoneAlarm (licensed) since 2001?, and have been happy until
the latest upgrade (zapSetup_100_243_000_en.exe).
It was after the upgrade that I noticed that eBay and PayPal and ZA have a
"Security Alliance", and when I noticed that I tried uninstalling ZA and that
has become a nightmare.

http://i120.photobucket.com/albums/o168/LaoziSailor/Bad%20stuff%20on%20your%20computer/eBay_Problem.png

None of the rootkit, firewall or virus tools have been able to find a piece of
code that sends my IP address somewhere. This results in a spoof/phish email,
that although is so extremely well built, the links are correct, my IP address
is listed, telling me that I have requested a password reset: the subject line
is "Forgotten Password" and the only reason I know this is a spoof/phish is
because eBay will always place the same message in your eBay inbox and this is
not the case. I have reset my password from a different machine and network
just in case.

I have renewed IP addresses and I am not sure what triggers the activity.
Being a total newbie with Wireshark, I had hoped to capture a packet with my
IP to some unknown destination when this happened:

http://i120.photobucket.com/albums/o168/LaoziSailor/Bad%20stuff%20on%20your%20computer/ZAv10Annoyances_wireshark01.png

Error while capturing packets: read error:
PacketREceivePacket failed

The machine has been running all night with no applications running other than
Wireshark. It stopped after:
Packets: 25133 Displayed: 25133 Marked:0 Dropped: 0

I have read http://wiki.wireshark.org/KnownBugs/OutOfMemory and will adjust my
settings to "Use multiple file" and set the size to 125MB.

Please let me know if I need to supply additional information.

=======================================================

*** My environment ***

C:\Program Files\Wireshark>dumpcap -v
Dumpcap 1.4.1 (SVN Rev 34476 from /trunk-1.4)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.22.4, with WinPcap (version unknown), with libz
1.2.3, without POSIX capabilities.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008).

Built using Microsoft Visual C++ 9.0 build 30729

See http://www.wireshark.org for more information.

==============================================================

Operating System
    Windows 7 Ultimate (x64) Service Pack 1 (build 7601)
    Install Language: English (United States)
    System Locale: English (Canada)

System Model
    ASUSTek Computer Inc. G60JX 1.0
    System Serial Number: A....B
    Chassis Serial Number: C....7
    Enclosure Type: Notebook

Processor
    1.60 gigahertz Intel Core i7 Q 720
    32 kilobyte primary memory cache
    64-bit ready
    Multi-core (4 total)
    Hyper-threaded (8 total)

Main Circuit Board
    Board: PEGATRON CORPORATION G60JX 1.0
    Bus Clock: 533 megahertz
    BIOS: American Megatrends Inc. 204 12/25/2009

Drives
    479.13 Gigabytes Usable Hard Drive Capacity
    243.93 Gigabytes Hard Drive Free Space
    MagicISO Virtual DVD-ROM0000 [CD-ROM drive]
    TSSTcorp CDDVDW TS-L633C [CD-ROM drive]
    ST9500420AS [Hard drive] (500.11 GB) -- drive 0, s/n 5VJ3VG8P, SMART Status: Healthy

Memory Modules
    6078 Megabytes Usable Installed Memory

Local Drive Volumes
    c: (NTFS on drive 0)     426.02 GB     230.65 GB free
    d: (NTFS on drive 0)     53.11 GB     13.29 GB free

Network Drives
    mounted by OE Non-Profit at 2011-08-02 9:24:35 AM
    z: \\dlink-120757\volume_1     981.86 GB     185.31 GB free

Controllers
    Intel(R) 5 Series 4 Port SATA AHCI Controller
    Ricoh PCIe Memory Stick Host Controller
    Ricoh PCIe xD-Picture Card Controller

Display
    NVIDIA GeForce GTS 360M [Display adapter]
    Generic PnP Monitor (15.3"vis, January 2008)

Bus Adapters
    MagicISO SCSI Host Controller
    Intel(R) 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B34
    Intel(R) 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B3C

Multimedia
    NVIDIA High Definition Audio (4x)
    Realtek High Definition Audio
    Total Recorder WDM audio driver

Virus Protection
    ESET NOD32 Antivirus 4.2
    System Shield

new Group Policies
    None discovered

Communications
    Atheros AR8131 PCI-E Gigabit Ethernet Controller
        Auto IP Address:     169.254.60.93 / 32
        Dhcp Server:     none responded
        Physical Address:     01:02:03:04:05:06
    Atheros AR9285 Wireless Network Adapter
        primary Auto IP Address:     192.168.10.100 / 24
        Gateway:     192.168.10.1
        Dhcp Server:     192.168.10.1
        Physical Address:     01:02:03:04:05:06
    Microsoft ISATAP Adapter
    Microsoft Virtual WiFi Miniport Adapter
        Auto IP Address:     169.254.245.226 / 32
        Dhcp Server:     none responded
        Physical Address:     01:02:03:04:05:06
    Teredo Tunneling Pseudo-Interface
    Networking Dns Server:     192.168.10.1

Other Devices
    Ricoh 1394 OHCI Compliant Host Controller
    Acronis Backup Archive Explorer
    Microsoft AC Adapter
    Microsoft ACPI-Compliant Control Method Battery
    Microsoft Composite Battery
    USB Input Device
    USB 2.0 2.0M UVC WebCam
    Keyboard Device Filter
    HID-compliant mouse
    Synaptics PS/2 Port TouchPad [Mouse]
    SDA Standard Compliant SD Host Controller
    Generic USB Hub (2x)
    USB Composite Device
    USB Root Hub (2x)
    Generic volume shadow copy
    pcouffin device for Amd 64 bits systems

Network Map
IP              |Device Type            |Device Details                    |Device Roles
----------------------------------------------------------------------------------------------------------------------
192.168.10.1    |Router                 |tew-639gr                         |DHCP Server, Gateway, Domain Name Server, Web Server
192.168.10.11   |Linux System           |Dlink-120757 (in WORKGROUP)       |Web Server, Print Server, Browse Master
192.168.10.100  |Windows Workstation    |non-profit-pc (in WORKGROUP)      |Samba Server, Print Server
192.168.10.104  |Windows XP Workstation |Han1computer (in MSHOME), Asustek |Print Server, Browse Master
192.168.10.108  |                       |Physical Address 00:0A:E4:5B:5B:F6|
