Wireshark-dev: [Wireshark-dev] Wireshark 0.99.4 totally hangs XP Pro SP2

From: Ian <ianc.uk@xxxxxxxxx>
Date: Fri, 5 Jan 2007 20:45:18 +0000

I'm a Wireshark user and not a member of this list, so apologies if posting as a non-member is inappropriate. I will subscribe to the list if needs be.

I have a problem capturing on Windows XP. I'm running Wireshark 0.99.4 installed using the Windows Installer package from wireshark.org.

I'm using Windows XP Pro SP2 with all patches installed. I have tried completely removing Wireshark & WinPcap, doing a double reboot, and reinstalling but the problem remains. It is the very same issue reported over 12 months ago here ( http://www.ethereal.com/lists/ethereal-users/200512/msg00091.html). I also had that very same problem with Ethereal which is why I updated to the latest Wireshark release. WinDump works fine allowing me to start multiple captures one of the other.

I get a 50:50 chance of a hang when I start capturing. If the first capture works the second (so far) has always failed. I have updated to the latest NIC drivers and that hasn't fixed the problem.

My system details are XP Pro SP2, HAL Version=" 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
NIC=ASUSTeK/Broadcom 440x 10/100 Integrated Controller - driver bcm4sbxp.sys V4.47
I do have a Cisco VPN client V4.0.4(B) and Microsoft Virtual PC 2004 installed, but Ethereal has been working in the past with these products without any problems.

The fact that WinDump works OK would seem to lead one to think that the problem lies somewhere within Wireshark and that is also what the WinPcap FAQ's state. However the fact that the whole machine freezes (mouse cursor stops moving, keyboard CapLock, NumLock, ScrollLock keys no longer toggle the LED's and the reset button is the only option) would seem to suggest that the problem in fact lies within a driver somewhere. Maybe Wireshark is passing bad data to the WinPcap driver?

Does anyone have any suggestions as to what I might try next?

Many thanks
Ian