Wireshark-users: Re: [Wireshark-users] wireshark on win7 x64

From: Jeff Sawatzky <jeff.sawatzky@xxxxxxxxxxxxxxxx>
Date: Sat, 14 Nov 2009 14:03:16 -0500
I figured out why wirehsark is crashing on me.  It has to do with the following bug:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4172
 
I rolled back the marvell driver and now everything works fine...

On Tue, Nov 10, 2009 at 3:00 PM, <wireshark-users-request@xxxxxxxxxxxxx> wrote:
Send Wireshark-users mailing list submissions to
       wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
       https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
       wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
       wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

  1. Re: running multiple instances (Guy Harris)
  2. Re: running multiple instances (Nicole Powell)
  3. wireshark on win7 x64 (Jeff Sawatzky)
  4. Re: running multiple instances (Guy Harris)
  5. Re: wireshark on win7 x64 (Gerald Combs)
  6. Can Wireshark recognize GigE Vision protocol? (Kevin)


----------------------------------------------------------------------

Message: 1
Date: Tue, 10 Nov 2009 09:24:23 -0800
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] running multiple instances
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <FD3A68E0-71CC-4DA2-96D6-59419D696F2F@xxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes


On Nov 9, 2009, at 1:21 PM, Nicole Powell wrote:

> When I try this it gives an application error and shuts down Tshark.
> I tried these two commands on a smaller file (144KB) and it works
> fine; the file I am trying to use now is 4.59MB. Could it be the
> file size?

Yes, it could be.  There are some cases where TShark keeps information
around in memory even after it's no longer needed (because TShark and
Wireshark use the same dissector code and dissector framework, and, in
Wireshark, that information could be needed as long as the file is
open), so it can use a significant amount of memory on a large file.


------------------------------

Message: 2
Date: Tue, 10 Nov 2009 12:33:42 -0500
From: Nicole Powell <mznikkip@xxxxxxxxxxx>
Subject: Re: [Wireshark-users] running multiple instances
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <SNT103-W25EE873C1CA64D82CC3ED3C6AB0@xxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


Could it also relate to cap vs. pcap file? I tried 145KB .cap file and it ran fine but a 130KB .pcap file stalls tshark as well. In addition, these commands are done using Python and that's when the errors occurs. If I perform the commands from the command prompt, it runs fine.

>From the desk of Nicole  A. Powell.....






> From: guy@xxxxxxxxxxxx
> To: wireshark-users@xxxxxxxxxxxxx
> Date: Tue, 10 Nov 2009 09:24:23 -0800
> Subject: Re: [Wireshark-users] running multiple instances
>
>
> On Nov 9, 2009, at 1:21 PM, Nicole Powell wrote:
>
> > When I try this it gives an application error and shuts down Tshark.
> > I tried these two commands on a smaller file (144KB) and it works
> > fine; the file I am trying to use now is 4.59MB. Could it be the
> > file size?
>
> Yes, it could be.  There are some cases where TShark keeps information
> around in memory even after it's no longer needed (because TShark and
> Wireshark use the same dissector code and dissector framework, and, in
> Wireshark, that information could be needed as long as the file is
> open), so it can use a significant amount of memory on a large file.
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20091110/340ec0ef/attachment.html

------------------------------

Message: 3
Date: Tue, 10 Nov 2009 12:57:57 -0500
From: "Jeff Sawatzky" <jeff.sawatzky@xxxxxxxxxxxxxxxx>
Subject: [Wireshark-users] wireshark on win7 x64
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <4af9a9a8.1358560a.5903.3407@xxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Hello,



I have installed wireshark 1.2.3 (which comes with winpcap 4.1.1) on a
windows 7 x64 machine.  Everything seems to be installed correctly, but when
I launch wireshark I see the loading screen and then it disappears and the
wireshark process exits.  Anyone know why this is happening, or how I can
track down the problem further?



Thanks.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20091110/ba34e6e0/attachment.htm

------------------------------

Message: 4
Date: Tue, 10 Nov 2009 10:19:35 -0800
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] running multiple instances
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <C1EDEFCF-5DD9-46F1-9A82-2009849857EE@xxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes


On Nov 10, 2009, at 9:33 AM, Nicole Powell wrote:

> Could it also relate to cap vs. pcap file? I tried 145KB .cap file
> and it ran fine but a 130KB .pcap file stalls tshark as well.

What is a ".cap file"?  There are at least two Windows packets I know
of (Windows Sniffer and Microsoft Network Monitor) that use ".cap" as
a suffix, and their file formats are different.  Furthermore, there
are probably at least some libpcap-format files that have ".cap" as
the suffix.

In any case, the chances that it's an issue with the file format are
extremely slim; it's probably a problem with the packets in the file.

Also, "stalls" and "gives an application error and shuts down" are
different problems.

> In addition, these commands are done using Python and that's when
> the errors occurs. If I perform the commands from the command
> prompt, it runs fine.

(Perform them from the command prompt with the same file?)

If you run them from Python, the Python interpreter and at least one
instance of TShark are running at the same time.  If you ran Python
from the command line, the command-line shell, the Python interpreter,
and at least one instance of TShark are running at the same time.

If you run them from the command line, the command-line shell and at
least one instance of TShark are running at the same time, but you're
not running Python.  Perhaps the Python interpreter is taking enough
memory that you run out of swap/paging space, and thus cause attempts
by TShark to allocate memory to fail?

(This assumes the application error is a failure to allocate memory.)



------------------------------

Message: 5
Date: Tue, 10 Nov 2009 10:34:13 -0800
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] wireshark on win7 x64
To: Community support list for Wireshark
       <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <4AF9B225.1010309@xxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8

Jeff Sawatzky wrote:
> I have installed wireshark 1.2.3 (which comes with winpcap 4.1.1) on a
> windows 7 x64 machine.  Everything seems to be installed correctly, but
> when I launch wireshark I see the loading screen and then it disappears
> and the wireshark process exits.  Anyone know why this is happening, or
> how I can track down the problem further?

Do you have a Marvell Yukon NIC? If so, the problem will be fixed in
1.2.4 which is scheduled to be released next Monday (November 16). In
the meantime you should be able to work around the problem by installing
1.0.10 or a recent development build from
http://www.wireshark.org/download/automated/

See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4155#c33 for
details.


------------------------------

Message: 6
Date: Tue, 10 Nov 2009 14:28:12 -0500
From: Kevin <kd8341@xxxxxxxxx>
Subject: [Wireshark-users] Can Wireshark recognize GigE Vision
       protocol?
To: wireshark-users@xxxxxxxxxxxxx
Message-ID:
       <175e20420911101128u79459f4dj4a13667799d2885e@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Hi, all:

I am new to WireShark, and just wondering:

Can the wireshark recognize GigE Vision protocol? Or is there WireShark
add-on for GVCP or GVSP analysis?

Thanks!

Regards,
Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20091110/6313dfe4/attachment.htm

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 42, Issue 24
***********************************************