Ethereal-users: Re: [Ethereal-users] ethereal FDDI void freme from tcpdump capture
> I'm trying to use ethereal to display FDDI packets captured by
> tcpdump.
The tcpdump that comes with Digital^H^H^H^H^H^H^HTru64 UNIX, or the one
from tcpdump.org (built with the libpcap that comes from tcpdump.org)?
At one point, the Digital UNIX tcpdump wrote out capture files that I
couldn't even read with tcpdump on other machines.
At least for Ethernet captures, the DU 4.0F tcpdump seems to produce
stuff Ethereal can read, however.
If the captures are from the native tcpdump, could you send us one of
the problematic FDDI captures, so we can see if it's some sort of
non-standard capture (e.g., if they've stuck padding on the front of the
FDDI header *in the capture file* to pad it to a multiple of 2 or 4
bytes - which would make it unreadable even by standard *tcpdump*)?
> 1. I do not want ethereal to display anything when it's just capturing
> to a log file but I have not found a way to prevent the graphical
> display
Ethereal is a GUI program, so there's no way to prevent the graphical
display; if you want to do captures in the background, rather than
interactively, use tcpdump or Tethereal.
> 2. when two ethereals are running on the same system the second
> occasionally displays "malformed address"
I don't see anything in the Ethereal source to display that; could you
show us the full, precise message?
> 3. the second ethereal occasionally core dumps:
>
> tcpdump: Using kernel BPF filter
>
> ** ERROR **: file tvbuff.c: line 399 (compute_offset_length): assertion
> failed:
> (length >= -1)
> aborting...
> # file core*
> core.ethereal.v19.s1021.0: core dump, generated from 'ethereal.v19'
Have you tried running a debugger on the core dump? Without that, we
can't guess why it might be crashing.
