Ethereal-users: Re: [Ethereal-users] Follow TCP kept hanging on SMTP session

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 28 Mar 2002 14:21:50 -0800

On Thu, Mar 28, 2002 at 09:00:11PM +0800, darren wrote:
> I got this particular SMTP session that I captured with Ethereal and
> kept hanging it when I tried to "Follow TCP Stream".
> 
> I tried it with both 0.9.1 in WinXP and 0.9.2 in RedHat 7.2 and it
> crashed the prog (ethereal) in both cases.

Hang, or crash?  ("Crash" means "died with a signal"; "hang" means "got
stuck forever".)

Does it also hang, or crash, if, for example, you try applying the
display filter "smtp"?  If so, there's probably a bug in some dissector;
we'd either need a copy of the capture file, or a stack trace (if it's a
hang rather than a crash, try running Ethereal from the command line on
Linux, and typing control-backslash on Linux in the terminal window when
it hangs; that should force a crash) in order to start trying to debug
it.

> Also, TCPFlow, which claims it can reconstruct libpcap files cannot seem
> to be able to recon some of ethereal files saved as tcpdump format,
> error was, unknown file format. Any clues?

"Unknown file format", or "bad dump file format"?

I'd probably have to see the capture file to see what the problem is.