ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 3333] New: ring buffer runtime crash when wireshark gui ge

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sat, 14 Mar 2009 21:03:17 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3333

           Summary: ring buffer runtime crash when wireshark gui gets too
                    far behind dumpcap
           Product: Wireshark
           Version: 1.1.x (Experimental)
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jyoung@xxxxxxx


Build Information:
Version 1.1.3-SVN-27719 (SVN Rev 27719)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.14.7, with GLib 2.18.4, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.6.4, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 13 2009), with
AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS 2.6.4,
Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Hello,

Under certain conditions when Wireshark's "Ring buffer" feature is enabled
Wireshark will suffer a runtime failure and display a typical Window's error
dialog:  

> "Wireshark has encountered a problem and needs to close."  

If Wireshark is configured to "Update list of packets in real time" and the
"Use multiple files" option is enabled along with the "Ring buffer with" option
is enabled and if the Wireshark GUI is slower in processing the ring buffer
files than dumpcap is in generating them, then at some point dumpcap could
attempt to delete a file that the Wireshark GUI is in the process of processing
or has not yet processed.

While the problem appears to be more likely to occur on slower Windows XP
computers I have been able to replicate this problem on faster Windows XP
systems by simply choosing a small ring buffer file size. (e.g. set the "Next
file every" to "5 kilobyte(s)" and set the "Ring buffer with" to "2 files".

One workaround for this problem is to disable the "Update list of packets in
real time" when the "Use Multiple Files and "Ring buffer with" options are
enabled.

A related issue when using the "Ring buffer" feature is that occasionally some
random older ring buffer file will NOT have been deleted.  I suspect this
happens when dumpcap attempted to delete the file but couldn't because the
Wireshark GUI happened to be processing that particular file.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube