Wireshark · Wireshark-dev: Re: [Wireshark-dev] Tshark ver 0.99.6 crashed whole system 4th time while using display-filter optio

Wireshark-dev: Re: [Wireshark-dev] Tshark ver 0.99.6 crashed whole system 4th time while using

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 11 Jun 2008 10:31:30 -0700

Moheed Moheed Ahmad wrote:

My system mets serious crashes while running tshark using displayfilters and goes to *KGDB.*

Then there's probably a bug either in the kernel or in some kernelloadable module. I'd suggest reporting this to MontaVista.

It's possible, but *EXTREMELY* unlikely, that TShark is doing somethingas root that can cause a crash that it couldn't do if not running asroot. It's *FAR* more likely that the crash is just due to a bug insome kernel-mode code.

 a) I was running tshark (version 0.99.6) as a root

If you run TShark 1.0, it doesn't run as root - instead, it runs dumpcapto do the capturing, and, while dumpcap does have to *start* running asroot on Linux (and should be set-UID to root on Linux), it runs as rootas little as possible. Try installing 1.0 and *not* running as root; ifyou still have crashes, report them to MontaVista.

References:
- [Wireshark-dev] Tshark ver 0.99.6 crashed whole system 4th time while using display-filter option
  - From: Moheed Moheed Ahmad

Prev by Date: Re: [Wireshark-dev] Tshark ver 0.99.6 crashed whole system 4th time while using display-filter option
Next by Date: Re: [Wireshark-dev] Return -1 from a heuristic dissector
Previous by thread: Re: [Wireshark-dev] Tshark ver 0.99.6 crashed whole system 4th time while using display-filter option
Next by thread: [Wireshark-dev] Return -1 from a heuristic dissector
Index(es):
- Date
- Thread