Ian wrote:
I'm a Wireshark user and not a member of this list, so apologies if
posting as a non-member is inappropriate. I will subscribe to the list
if needs be.
I have a problem capturing on Windows XP. I'm running Wireshark 0.99.4
installed using the Windows Installer package from wireshark.org
<http://wireshark.org>.
I'm using Windows XP Pro SP2 with all patches installed. I have tried
completely removing Wireshark & WinPcap, doing a double reboot, and
reinstalling but the problem remains. It is the very same issue
reported over 12 months ago here (
http://www.ethereal.com/lists/ethereal-users/200512/msg00091.html). I
also had that very same problem with Ethereal which is why I updated
to the latest Wireshark release. WinDump works fine allowing me to
start multiple captures one of the other.
I get a 50:50 chance of a hang when I start capturing. If the first
capture works the second (so far) has always failed. I have updated to
the latest NIC drivers and that hasn't fixed the problem.
My system details are XP Pro SP2, HAL Version=" 5.1.2600.2180
(xpsp_sp2_rtm.040803-2158)"
NIC=ASUSTeK/Broadcom 440x 10/100 Integrated Controller - driver
bcm4sbxp.sys V4.47
I do have a Cisco VPN client V4.0.4(B) and Microsoft Virtual PC 2004
installed, but Ethereal has been working in the past with these
products without any problems.
The fact that WinDump works OK would seem to lead one to think that
the problem lies somewhere within Wireshark and that is also what the
WinPcap FAQ's state. However the fact that the whole machine freezes
(mouse cursor stops moving, keyboard CapLock, NumLock, ScrollLock keys
no longer toggle the LED's and the reset button is the only option)
would seem to suggest that the problem in fact lies within a driver
somewhere. Maybe Wireshark is passing bad data to the WinPcap driver?
Does anyone have any suggestions as to what I might try next?
Many thanks
Ian
Thanks for this detailed report - it's helpful to get the right
information with the first mail ;-)
First of all, this is a bug related to WinPcap, as this is the place
where the system hangs (only a driver can freeze the system). Wireshark
may trigger this bug somehow, but it's really related to WinPcap and
have to be fixed there.
I guess this is a combination of WinPcap with the Cisco VPN client, as
there are other related problems with it, see:
http://wiki.wireshark.org/CaptureSetup/InterferingSoftware
You may first try to install WinPcap 4.0 beta 3 from
http://www.winpcap.org/, maybe your problem has already been fixed. If
not, try to disable the VPN client - and if doesn't help try to
deinstall it.
I'm running Virtual PC myself without any problems, so it's probably not
the cause of the problem - but who nows!
If the problems remain even with the latest WinPcap beta, please report
it to the WinPcap developers (and please report if the problem was
solved also here) ...
Regards, ULFL