Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] 3.0 hangs

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Sun, 13 Apr 2003 16:24:53 +0100
Hi Eddy,

Loading dualhome.iptrace takes approximately one second on my Win98 PC if Name resolution
is turned off. If Name resolution is turned on it takes more than 60 seconds.

You should check if you have Name resolution turned on.
Edit/Preferences.../Name resolution/

http://www.ethereal.com/faq.html#q5.30

Name resolution was turned on by default when installing Ethereal a while ago, but people were
complaining a lot that Ethereal was hanging on Windows when they read in captures or stopped
the capturing. When doing a new installation of Ethereal 0.9.11 and some earlier versions name resolution
is turned off by default, but if you have upgraded from an old version the old
preference value may remain if you didn't uninstall Ethereal before youinstalled the new version.

Ethereal doesn't use registry, but if you have installed Ethereal a while ago there might be a file
"preferences" remaining e.g. in C:/Documents and Settings/<WindowsUser>/Application Data/Ethereal.

Hopefully it should just be to change the value for "Name resolution" and press Save, Apply and OK.


-----Original Message-----
From: Eddy Quicksall <eddy_quicksall@xxxxxxxxxxx>
To: Martin Regner <martin.regner@xxxxxxxxx>
Date: Sunday, April 13, 2003 2:54 PM
Subject: RE: [Ethereal-users] 3.0 hangs


>I downloaded dualhome.iptrace. I tried the following:
>
>- open file takes 50 seconds (that may be a clue)
>- follow TCP stream works OK
>- tcp.port eq 1044 works OK
>- but, clicking on RIPv1 takes over 3 mins
>- loaded it again and same result without doing follow or tcp.port first
>- tried clicking around. Some clicks took over 3 min. Some are quick. Most
>take about 2 sec. Could not isolate this to a particular protocol because it
>was not consistent as to which would take 2 sec and which would take 2 min.
>Some take over 10 min.
>
>I may have done an XP system restore that "removed" Ethereal (I can't
>remember). When I upgraded to this Ethereal, could it be that some older
>things got left in the registry? Is there something I should look for in the
>registry?
>
>Other Answers below.
>
>Eddy
>
>-----Original Message-----
>From: Martin Regner [mailto:martin.regner@xxxxxxxxx] 
>Sent: Sunday, April 13, 2003 4:00 AM
>To: Eddy Quicksall
>Subject: Re: [Ethereal-users] 3.0 hangs
>
>Eddy Quicksall:
>
>>I loaded Ethereal version 9.11 and WinPcap version 3.0 today. It hangs if I
>>use "follow TCP stream". It also hangs if I use tcp.port eq 3260.
>> 
>>I'm using Windows XP with SP1. 
>
>
>If you just get the problem when you are doing "Follow TCP Stream" or
>Display filtering i Etheral, then I think
>it seems unlikely that the problem is related to WinPcap 3.0.
>My guess is that there could be a fault in some dissector in Ethereal. Maybe
>some packet/s in
>your captures are triggering a fault. I assume that you have done some
>capturing and then apply
>"Follow TCP Stream" or use a display filter for "tcp.port eq 3260".
>
>If you load one of the sample captures from http://www.ethereal.com/sample/
>and use "Follow TCP Stream" or "tcp.port eq 3260" do you get a hanging then?
>
>Have you used Ethereal with another version of WinPcap before and not
>noticed problems?
>[Eddy] I have used Ethereal before on this computer without any problem.
>They used an earlier version of WinPcap but this time, I downloaded them
>together.
>
>Is it possible for you to do capturing without problems when not using
>display filters or similar?
>[Eddy] capture without using filters works OK.
>
>Do you get a hanging only when the filter is for tcp port 3260 or also for
>other port values?
>[Eddy] Other ports too. See above.
>
>You could try to disable certain protocols in Ethereal and see if you still
>get the problem.
>[Eddy] Given my tests at the top, do you think I should still try this?
>
>You can start with disabling the iSCSI protocol since tcp port 3260 is the
>default port for iSCSI.
>You can do this from the menu item Edit/Protocols....
>Find "iSCSI" in the list  (almost in the bottom of the list) and click on it
>so that it is marked as "Disabled" and 
>then "Apply" and "OK".
>Try again to use "Follow TCP Stream".
>Note: Disabling a protocol from Edit/Protocols... will not disable it on a
>premanent basis. You'll have to do this
>every time yous start Ethereal.
>
>There is another way of disabling iSCSI dissection and that is to change the
>"Target port" value from 3260 to 0
>in the iSCSI preference settings (Edit/Preferences.../Protocols/iSCSI). 
>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube