Wireshark-users: Re: [Wireshark-users] TShark Error

From: "Robert D. Scott" <robert@xxxxxxx>
Date: Wed, 17 Mar 2010 06:34:35 -0400
CygWin under windows.  The file size was in the original post, and is 500Mb.
It does appear to be file size related, as I did use editcap and cut the
file into quarters and was able to extract just the conversation I was
interested in. The cap was taken from vendor's hardware that has a dumbed
down capture utility that does not allow a capture filter.

Robert D. Scott                 Robert@xxxxxxx
Senior Network Engineer         352-273-0113 Phone
CNS - Network Services          352-392-2061 CNS Phone Tree
University of Florida           352-392-9440 FAX
Florida Lambda Rail             352-294-3571 FLR NOC
Gainesville, FL  32611          321-663-0421 Cell


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Forthofer Russ
Sent: Tuesday, March 16, 2010 5:30 PM
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] TShark Error

How big is your input file?   Have you tried running tshark against a small
file - or a subset of your input file? For example, use editcap to reduce
the size of the file to just a few frames and run the command again.    I
just ran a similar command (with a 160M file) and had no problem.

Can you run tshark with no parameters? 

Also - this may be a silly question, but.... your path shows forward slashes
rather than MS backslashes, but says it is running under Windows XP.    What
environment are you actually in?  I may just be mis-reading the mail.

Russ

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Robert D. Scott
Sent: Tuesday, March 16, 2010 3:15 PM
To: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] TShark Error

1.2.6 exhibits the same issue. :(    Memory?

robert@Robert /cygdrive/c/3Com/ftp
$ /cygdrive/c/Program\ Files/Wireshark/tshark -r tcpdump.fsn1-114.pcap -R
"ip.addr == 128.227.74.
45" -w tcpdump.fsn1-114-filt.pcap
Unhandled exception (group=1, code=6)

This application has requested the Runtime to terminate it in an unusual
way.
Please contact the application's support team for more information.

robert@Robert /cygdrive/c/3Com/ftp
$ /cygdrive/c/Program\ Files/Wireshark/tshark -v TShark 1.2.6 (SVN Rev
31702)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.22.3, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares
1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT
Kerberos, with GeoIP.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.8.5, Gcrypt 1.4.5.

Built using Microsoft Visual C++ 9.0 build 30729

Robert D. Scott                 Robert@xxxxxxx
Senior Network Engineer         352-273-0113 Phone
CNS - Network Services          352-392-2061 CNS Phone Tree
University of Florida           352-392-9440 FAX
Florida Lambda Rail             352-294-3571 FLR NOC
Gainesville, FL  32611          321-663-0421 Cell

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Tuesday, March 16, 2010 11:40 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] TShark Error

Hi,
Any particular reason for not using 1.2.6 or 1.0.11?
1.2.6 should contain the most fixes.

Regards
Anders
________________________________________
From: wireshark-users-bounces@xxxxxxxxxxxxx
[wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Robert D. Scott
[robert@xxxxxxx]
Sent: Tuesday, March 16, 2010 4:08 PM
To: 'Community support list for Wireshark'
Subject: [Wireshark-users] TShark Error

Any pointers?  I have two different files that throw the same error?

robert@Robert /cygdrive/c/3Com/ftp
$ tshark -r tcpdump.fsn1-114.pcap -R "ip.addr == 128.227.74.45" -w
nfs-fail-nas-2.pcap Unhandled exception (group=1, code=6)

This application has requested the Runtime to terminate it in an unusual
way.
Please contact the application's support team for more information.
$ tshark -v
TShark 1.0.6 (SVN Rev 27387)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS,
with Lua 5.1, with GnuTLS 2.6.3, with Gcrypt 1.4.3, with MIT Kerberos.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5.

Built using Microsoft Visual C++ 6.0 build 8804

-rwx------+ 1 robert None 465468742 2010-03-15 10:09 
-rwx------+ tcpdump.fsn1-113.pcap
-rwx------+ 1 robert None 465464756 2010-03-15 10:11 
-rwx------+ tcpdump.fsn1-114.pcap

Robert D. Scott                 Robert@xxxxxxx
Senior Network Engineer         352-273-0113 Phone
CNS - Network Services          352-392-2061 CNS Phone Tree
University of Florida           352-392-9440 FAX
Florida Lambda Rail             352-294-3571 FLR NOC
Gainesville, FL  32611          321-663-0421 Cell



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


The information contained in this e-mail and any accompanying documents is
intended for the sole use of the recipient to whom it is addressed, and may
contain information that is privileged, confidential, and prohibited from
disclosure under applicable law. If you are not the intended recipient, or
authorized to receive this on behalf of the recipient, you are hereby
notified that any review, use, disclosure, copying, or distribution is
prohibited. If you are not the intended recipient(s), please contact the
sender by e-mail and destroy all copies of the original message. Thank you.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe