Wireshark-users: Re: [Wireshark-users] Wireshark crash with WiMAX capture file

From: "Martin Mathieson" <martin.r.mathieson@xxxxxxxxxxxxxx>
Date: Mon, 11 Feb 2008 15:40:22 +0000
You were right, it does load OK on my up-to-date (linux) build.

I did notice that the expert info notes a couple of malformed SSL frames...  Could you please try to load the attached file?  I saved only the frames using the display filter 'wimasncp and not eap'.  This will indicate if the problem lies within EAP/SSL or inside wimaxasncp itself.

Another possible difference between yourself and your colleagues may be preference settings you may have.  Have you changed any SSL protocol preferences?

I still think its worth installing the very latest automated build I linked to earlier to see if the problem persists there.

I did try to run Wireshark under valgrind a few minutes ago with your capture, but it didn't get very far...





On Feb 11, 2008 3:22 PM, Martin, Jack <Jack.Martin@xxxxxxxxxxx> wrote:

You are correct, I did not build Wireshark myself – I downloaded the

official 0.99.7 version (several times just to make sure).

 

I'll attach the capture file I use but others have used 0.99.7 to open this

same capture file without any issue.  I would not be surprised if you can

open the file successfully.  Note that I have tried 4 or 5 different

capture files and each time I crash.  I do not capture the file(s)

myself, I am only trying to open a file that was captured by another

device.  Others can open this file and I can open other files that do not

contain WiMAX.

 

I can not narrow it down to a frame since when I try and open the file it

crashes before any frames are displayed.  If I disable WiMAX ASN CP

protocol I can open the file but as soon as I enable that protocol

(for example after the file is open) it crashes.

 

 

Thanks.


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Martin Mathieson
Sent: Monday, February 11, 2008 10:13 AM


To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Wireshark crash with WiMAX capture file

 

Most likely Wireshark is crashing because of a bug in the wimaxasncp dissector.

If you are able to send (attach to a bug) a capture file that causes this problem, I can try to debug it.  You can always try to trim the message down to one frame (disable, wimaxasncp, save the displayed frames, etc until you narrow it down to the frame that causes the problem.

If you can't send in a capture file, you'll need to try to get the stack at the point where it crashes (it looks like you're using the official 0.99.7 release, so I'm guessing you didn't build Wireshark yourself).  You could try using the most recent development build from http://www.wireshark.org/download/automated/win32/, although I don't believe the wimaxasncp dissector has been changed since the release.

On Feb 11, 2008 3:02 PM, Martin, Jack <Jack.Martin@xxxxxxxxxxx> wrote:

Here's all I have … (when I open any capture file that has WiMAX R6 messages

I get the error and Wireshark closes – nothing is shown in the wireshark

window before it closes).

 

 


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Martin Mathieson
Sent: Monday, February 11, 2008 9:56 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Wireshark crash with WiMAX capture file

 

Hi,

Could you post a capture file showing the problem?

Best add whatever details you can to bugilla (http://bugs.wireshark.org).

Martin

On Feb 11, 2008 2:36 PM, Martin, Jack <Jack.Martin@xxxxxxxxxxx> wrote:

I downloaded the latest version of Wirshark (0.99.7), but when I try and

open a capture file that has WiMAX messages (R6 messages) I get a

windows error report and Wireshark closes.  If I disable the WiMAX ASN CP

protocol I am able to open the file but obviously can not decode the

WiMAX messages.

 

I can open (and decode) files with other protocols ( AAA, SIP, GTP, etc …),

it appears as if WiMAX is the only thing I'm having trouble with.

 

Any suggestions on how to fix my issue?

 

Regards.

 



E-mail confidentiality.
--------------------------------
This e-mail contains confidential and / or privileged information belonging to Spirent Communications plc, its affiliates and / or subsidiaries. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution and / or the taking of any action based upon reliance on the contents of this transmission is strictly forbidden. If you have received this message in error please notify the sender by return e-mail and delete it from your system. If you require assistance, please contact our IT department at helpdesk@xxxxxxxxxxx.

Spirent Communications plc
Northwood Park, Gatwick Road, Crawley, West Sussex, RH10 9XN, United Kingdom.
Tel No. +44 (0) 1293 767676
Fax No. +44 (0) 1293 767677

Registered in England Number 470893
Registered at Northwood Park, Gatwick Road, Crawley, West Sussex, RH10 9XN, United Kingdom.

Or if within the US,

Spirent Communications,
26750 Agoura Road, Calabasas, CA, 91302, USA.
Tel No. 1-818-676- 2300


_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

 

 



E-mail confidentiality.
--------------------------------
This e-mail contains confidential and / or privileged information belonging to Spirent Communications plc, its affiliates and / or subsidiaries. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution and / or the taking of any action based upon reliance on the contents of this transmission is strictly forbidden. If you have received this message in error please notify the sender by return e-mail and delete it from your system. If you require assistance, please contact our IT department at helpdesk@xxxxxxxxxxx.

Spirent Communications plc,
Northwood Park, Gatwick Road, Crawley, West Sussex, RH10 9XN, United Kingdom.
Tel No. +44 (0) 1293 767676
Fax No. +44 (0) 1293 767677

Registered in England Number 470893
Registered at Northwood Park, Gatwick Road, Crawley, West Sussex, RH10 9XN, United Kingdom.

Or if within the US,

Spirent Communications,
26750 Agoura Road, Calabasas, CA, 91302, USA.
Tel No. 1-818-676- 2300


_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

 




E-mail confidentiality.
--------------------------------
This e-mail contains confidential and / or privileged information belonging to Spirent Communications plc, its affiliates and / or subsidiaries. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution and / or the taking of any action based upon reliance on the contents of this transmission is strictly forbidden. If you have received this message in error please notify the sender by return e-mail and delete it from your system. If you require assistance, please contact our IT department at helpdesk@xxxxxxxxxxx.

Spirent Communications plc,
Northwood Park, Gatwick Road, Crawley, West Sussex, RH10 9XN, United Kingdom.
Tel No. +44 (0) 1293 767676
Fax No. +44 (0) 1293 767677

Registered in England Number 470893
Registered at Northwood Park, Gatwick Road, Crawley, West Sussex, RH10 9XN, United Kingdom.

Or if within the US,

Spirent Communications,
26750 Agoura Road, Calabasas, CA, 91302, USA.
Tel No. 1-818-676- 2300


_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users


Attachment: idlemodewithpaging-noeap.pcap
Description: Binary data