Wireshark-users: Re: [Wireshark-users] TShark Error

From: Forthofer Russ <Russ.Forthofer@xxxxxxxxx>
Date: Tue, 16 Mar 2010 17:29:39 -0400
How big is your input file?   Have you tried running tshark against a small file - or a subset of your input file? For example, use editcap to reduce the size of the file to just a few frames and run the command again.    I just ran a similar command (with a 160M file) and had no problem.

Can you run tshark with no parameters? 

Also - this may be a silly question, but.... your path shows forward slashes rather than MS backslashes, but says it is running under Windows XP.    What environment are you actually in?  I may just be mis-reading the mail.

Russ

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Robert D. Scott
Sent: Tuesday, March 16, 2010 3:15 PM
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] TShark Error

1.2.6 exhibits the same issue. :(    Memory?

robert@Robert /cygdrive/c/3Com/ftp
$ /cygdrive/c/Program\ Files/Wireshark/tshark -r tcpdump.fsn1-114.pcap -R "ip.addr == 128.227.74.45" -w tcpdump.fsn1-114-filt.pcap
Unhandled exception (group=1, code=6)

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

robert@Robert /cygdrive/c/3Com/ftp
$ /cygdrive/c/Program\ Files/Wireshark/tshark -v
TShark 1.2.6 (SVN Rev 31702)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.22.3, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.1 (packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 2.8.5, Gcrypt 1.4.5.

Built using Microsoft Visual C++ 9.0 build 30729

Robert D. Scott                 Robert@xxxxxxx
Senior Network Engineer         352-273-0113 Phone
CNS - Network Services          352-392-2061 CNS Phone Tree
University of Florida           352-392-9440 FAX
Florida Lambda Rail             352-294-3571 FLR NOC
Gainesville, FL  32611          321-663-0421 Cell

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Tuesday, March 16, 2010 11:40 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] TShark Error

Hi,
Any particular reason for not using 1.2.6 or 1.0.11?
1.2.6 should contain the most fixes.

Regards
Anders
________________________________________
From: wireshark-users-bounces@xxxxxxxxxxxxx
[wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Robert D. Scott [robert@xxxxxxx]
Sent: Tuesday, March 16, 2010 4:08 PM
To: 'Community support list for Wireshark'
Subject: [Wireshark-users] TShark Error

Any pointers?  I have two different files that throw the same error?

robert@Robert /cygdrive/c/3Com/ftp
$ tshark -r tcpdump.fsn1-114.pcap -R "ip.addr == 128.227.74.45" -w nfs-fail-nas-2.pcap
Unhandled exception (group=1, code=6)

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
$ tshark -v
TShark 1.0.6 (SVN Rev 27387)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS, with Lua 5.1, with GnuTLS 2.6.3, with Gcrypt 1.4.3, with MIT Kerberos.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5.

Built using Microsoft Visual C++ 6.0 build 8804

-rwx------+ 1 robert None 465468742 2010-03-15 10:09 tcpdump.fsn1-113.pcap
-rwx------+ 1 robert None 465464756 2010-03-15 10:11 tcpdump.fsn1-114.pcap

Robert D. Scott                 Robert@xxxxxxx
Senior Network Engineer         352-273-0113 Phone
CNS - Network Services          352-392-2061 CNS Phone Tree
University of Florida           352-392-9440 FAX
Florida Lambda Rail             352-294-3571 FLR NOC
Gainesville, FL  32611          321-663-0421 Cell



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
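
Russ's suggestion of testing against a subset of the capture, as an added example that is not part of the original thread or of Wireshark: a Python script that streams a classic pcap file one record at a time, optionally stops after `max_frames`, and keeps only IPv4 frames to or from one address. It assumes untagged Ethernet and the classic pcap format (not pcapng); the function names and the 192.0.2.x sample addresses are constructed for illustration.

```python
import io
import socket
import struct

def filter_pcap(src, dst, ip, max_frames=None):
    """Copy frames to/from `ip` from src to dst; return (frames_read, frames_written)."""
    want = socket.inet_aton(ip)
    ghdr = src.read(24)                      # pcap global header is 24 bytes
    if len(ghdr) < 24:
        raise ValueError("truncated pcap global header")
    if ghdr[:4] == b"\xd4\xc3\xb2\xa1":      # magic 0xa1b2c3d4 stored little-endian
        endian = "<"
    elif ghdr[:4] == b"\xa1\xb2\xc3\xd4":    # same magic stored big-endian
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", ghdr[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    dst.write(ghdr)
    read = written = 0
    while max_frames is None or read < max_frames:
        rhdr = src.read(16)                  # ts_sec, ts_usec, incl_len, orig_len
        if len(rhdr) < 16:
            break                            # end of file
        incl_len = struct.unpack(endian + "I", rhdr[8:12])[0]
        data = src.read(incl_len)
        if len(data) < incl_len:
            break                            # truncated last record: keep what we have
        read += 1
        # Ethertype at 12..14; IPv4 source at 26..30 and destination at 30..34.
        if (len(data) >= 34 and data[12:14] == b"\x08\x00"
                and want in (data[26:30], data[30:34])):
            dst.write(rhdr + data)
            written += 1
    return read, written

def sample_pcap(pairs):
    """Constructed test input: one minimal Ethernet/IPv4 frame per (src, dst) pair."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for s, d in pairs:
        frame = (b"\x00" * 12 + b"\x08\x00" + b"\x45\x00\x00\x14" + b"\x00" * 8
                 + socket.inet_aton(s) + socket.inet_aton(d))
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    pairs = [("192.0.2.45", "192.0.2.1"), ("192.0.2.2", "192.0.2.3"), ("192.0.2.4", "192.0.2.45")]
    out = io.BytesIO()
    print(filter_pcap(io.BytesIO(sample_pcap(pairs)), out, "192.0.2.45"))
```

For a real capture, pass file objects opened in binary mode (`open(path, "rb")` and `open(path, "wb")`) in place of the `BytesIO` buffers.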