Ethereal-users: Re: [Ethereal-users] reassemble.c failure

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Tue, 20 May 2003 20:53:37 +1000
Can you try tethereal on the capture and see it tethereal also aborts.
If so, can you try tcpdump, snoop or windump on the capture to see what
protocol
the packet causing the abort consists of.
It should the packet after the last one printed by tethereal.
By knowing which protocol dissector generates the abort will allow us to
pinpoint better where in the code the
abort occurs.

If tethereal does no cause the abort, can you try
to cut frames off from the beginning and the end of the capture until it is
small enough
and if it does not contain sensitive data send it to the list or myself?


If the capture is sensitive and can not be distributed,
can you compile ehtereal from sources and change the code in reassembly.c
where the gassert abort
occurs to generate a core dump instead. Like adding (int *)0=5; to the line
just prior to the gassert
and then using gdb get a stack backtrace so we can see from where the
reassembly routing was called and see if there is any
missing sanity checks that need to be added.



----- Original Message -----
From: "David Fay (LMI)"
Cc: <david.fay@xxxxxxxxxxxx>
Sent: Tuesday, May 20, 2003 8:37 PM
Subject: [Ethereal-users] reassemble.c failure


> Hello,
>
> I am having problems opening a snoop file called int8. The error message I
am getting is:
> ** ERROR **: file ethereal-0.9.11/reassemble.c: line 739
(fragment_add_seq_work)
> : assertion failed: (fd_head->len >= dfpos + fd->len)
> aborting...
> Aborted
>
> Any suggestions?
>
> Regards,
> David
>
> David Fay
> Network Design Consultant
>
> Network Consulting & Managed Services
> Global Services Delivery Centre (Dublin)
> Ericsson Services Ireland
> Adelphi Centre, Tel: +353 1 2362038
> Upper Georges Street, ECN: 830 42038
> Dun Laoghaire, Fax: +353 1 2362575
> Co. Dublin. Mobile: +353 87 9190417
> E-mail: david.fay@xxxxxxxxxxxx
> Web: http://esi.eei.ericsson.se/offer/ncms.shtml
>
>
>
>
> -----Original Message-----
> From: Breen Mullins [mailto:bmullins@xxxxxxxxxx]
> Sent: Wednesday, March 05, 2003 11:10 PM
> To: Bob Lesser
> Cc: Ethereal-users@xxxxxxxxxxxx
> Subject: Re: [Ethereal-users] Ethereal i586 vs. i386 rpm
>
>
> On Wed, 2003-03-05 at 14:59, Bob Lesser wrote:
> > Even though that might be an obvious response, I am unable to locate an
> > Ethereal rpm for i586. I can only locate an rpm for i386.
> >
> > Any help here is appreciated.
>
> If you'd like an i586 -- or an i686 -- rpm, just grab a source
> rpm from ftp://ftp.ethereal.com/pub/ethereal/rpms/ and make
> your own binary:
>
> rpm --rebuild --target i586 ethereal-0.9.9-1.7.2.src.rpm
>
> Breen
>
> --
> Breen Mullins
> SQA Engineer
> Asante Technologies, Inc.
> 800-622-9686x323
> <bmullins@xxxxxxxxxx>
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users