J.Smith wrote:
>I seem to be having some problems with the 'TCP Stream Analysis' graphs with
>the attached tracefile, which is just a simple trace of a http session,
>retrieving the google web page. When I choose the roundtrip time graph,
>everything works as expected, but when choosing any of the other graphs,
>ethereal seems to hang completely.
>
>I have successfully reproduced this on my Windows 98SE installation using
>Ethereal 0.9.8, and on my linux system using a development snapshot taken
>somewhere in between 0.9.7 and 0.9.8.
>
>I have provided the tracefile, and the backtraces from my linux system. If
>anyone needs any additional info, please don't hesitate to let me know.
I noticed that the time stamps are incorrect for certain frames, resulting in negative time
differences between packets. I guess that even if the hanging problem is solved you will get
very strange results for the TCP analysis if you don't get rid of the timestamp problem.
I assume you maybe were using WinPcap 2.3 on Win98 to do the capturing.
http://www.ethereal.com/faq.html#q5.9
http://www.ethereal.com/lists/ethereal-users/200212/msg00113.html
http://www.ethereal.com/lists/ethereal-users/200212/msg00114.html
Maybe it is the negative time difference that is not handled by the TCP stream analysis currently.
When I printed the capture to file and used text2pcap to generate another capture file I didn't get any hanging,
but then the TCP steram analysis didn't give any interesting information (same time for all packets).
I also noticed that I got hangings for Statistics/IO/IO-Stat with the original capture, but not with the
modified capture.
