Ethereal-dev: Re: Capturing with Win32 was Re: [ethereal-dev] Compile problem with UCD
> I have tried using the Capture function in WIN32, but it is not very
> useable. If I capture a file, Ethereal will not load it. It will hang
> somewhere in the middle.
Just out of curiosity, what happens if you disable name resolution in
the "Display:Options" dialog box?
No change. Files captured by NetMon work, but the files I capture myself don't work at all.
If I disable Name resolution in the Start Cpature dialog that also doesn't change a thing...
I just tried to debug this situation, if I use VC++6 to debug I receive an access violation,
according to the sourcewindow in strlen().... The stacktrace is:
ETHEREAL! strlen + 32 bytes
strings() line 328 + 9 bytes
_vsnprintf(char * 0x00777e00, unsigned int 4096, char * 0x00516efc, char * 0x0012d80c) line 603 + 25 bytes
col_add_fstr(_frame_data * 0x007a78b0, int 30, char * 0x00516efc) line 694 + 33 bytes
dissect_transact_smb(const unsigned char * 0x00f510d0, int 90, _frame_data * 0x007a78b0, GNode * 0x00f48c28, GNode * 0x00f48db8, smb_info {...}, int 784, int 58, int 0, int 0) line 9326 + 28 bytes
dissect_smb(const unsigned char * 0x00f510d0, int 90, _frame_data * 0x007a78b0, GNode * 0x00f48c28, int 784) line 10181 + 89 bytes
dissect_nbss_packet(const unsigned char * 0x00f510d0, int 58, _frame_data * 0x007a78b0, GNode * 0x00f48c28, int 788) line 1538 + 28 bytes
dissect_nbss(const unsigned char * 0x00f510d0, int 54, _frame_data * 0x007a78b0, GNode * 0x00f48c28) line 1600 + 25 bytes
dissect_tcp(const unsigned char * 0x00f510d0, int 54, _frame_data * 0x007a78b0, GNode * 0x00f48c28) line 567 + 21 bytes
dissect_ip(const unsigned char * 0x00f510d0, int 34, _frame_data * 0x007a78b0, GNode * 0x00f48c28) line 1028 + 21 bytes
ethertype(unsigned short 2048, int 14, const unsigned char * 0x00f510d0, _frame_data * 0x007a78b0, GNode * 0x00f48c28, GNode * 0x00f48dcc, int 272) line 102 + 21 bytes
dissect_eth(const unsigned char * 0x00f510d0, int 14, _frame_data * 0x007a78b0, GNode * 0x00f48c28) line 239 + 37 bytes
dissect_packet(const unsigned char * 0x00f510d0, _frame_data * 0x007a78b0, GNode * 0x00f48c28) line 1116 + 19 bytes
add_packet_to_packet_list(_frame_data * 0x007a78b0, _capture_file * 0x0054a600 _cf, const unsigned char * 0x00f510d0) line 551 + 17 bytes
wtap_dispatch_cb(unsigned char * 0x0054a600 _cf, const wtap_pkthdr * 0x007a1694, int 7176, const unsigned char * 0x00f510d0) line 706 + 17 bytes
wtap_loop(wtap * 0x007a1680, int 0, void (unsigned char *, const wtap_pkthdr *, int, const unsigned char *)* 0x00492d6b wtap_dispatch_cb(unsigned char *, const wtap_pkthdr *, int, const unsigned char *), unsigned char * 0x0054a600 _cf, int * 0x0012ec90)
line 254 + 36 bytes
read_cap_file(_capture_file * 0x0054a600 _cf) line 307 + 27 bytes
do_capture(char * 0x007a1780) line 315 + 10 bytes
capture_prep_ok_cb(_GtkWidget * 0x00f4f4d0, void * 0x0079d970) line 367 + 9 bytes
What happens in dissect_transact_smb is:
if (dirn == 0) { /* Response(s) dissect code */
if (check_col(fd, COL_INFO)) {
col_add_fstr(fd, COL_INFO, "%s %s", request_val -> last_transact_command, "Response");
}
/* Build display for: Word Count (WCT) */
And it seems that every time request_val->last_transact_command is empty (the value in it displays as "")
If I change the call to col_add_fstr() to
col_add_fstr(fd, COL_INFO, "%s", "Response");
All is well and Ethereal displays the capture correct (I think ;-) )
I don't know what the value of last_transact_command should be ( I think I have an idea), but if
you need more info, contact me.
--
Andreas Sikkema
andreas.sikkema@xxxxxxxxxxx
"Any PC built after 1985 has the storage capacity to house an evil spirit,"
Rev. Jim Peasboro in http://www.weeklyworldnews.com/stories/1745.html
