https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3667
Summary: Wireshark V1.2.0 crashes monitoring a spanned port
Product: Wireshark
Version: 1.2.0
Platform: Other
OS/Version: Windows XP
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: keithfrench@xxxxxxxxxxxxx
Build Information:
Version 1.2.0 (SVN Rev 28753)
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 15 2009), with
AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
The PC running Wireshark has it's NIC set to obtain an IP address via DHCP.
If it is connected to a previously configured destination port of a monitor
session of a Cisco Catalyst switch (e.g. 2950), it correctly does not get
allocated an IP address. If Wireshark is then launched, the initial splash
screen is seen where the dissectors are initialised, but nothing else loads.
If the PC is connected to a port on the switch which is not spanned, it does
get an IP address. Then if this port is then configured as the destination port
of a monitor session and Wireshark started, all is fine.
It does not matter if Winpcap V4.0.2 or V4.1 beta 5 is used, the effect is
still the same. We have seen this problem on at least four PCs running XP Pro
now.
If Wireshark V1.0.8 is used it is fine.
Please see outputs from tshark -D from V1.2.0 and windump -D in case this might
help. Please ignore the errors in the tshark output about missing SNMP MIBs.
C:\Program Files\Wireshark>tshark -D
NOTE: you should run 'diskperf -y' to enable the disk statistics
tshark: The following errors were found while loading the MIBS:
-:0 1 module-not-found failed to locate MIB module `IC-GENERAL-MIB'
-:0 1 module-not-found failed to locate MIB module `ICS3-MIB'
-:0 1 module-not-found failed to locate MIB module `IIQ2000-MIB'
-:0 1 module-not-found failed to locate MIB module `IIQ2030-MIB'
-:0 1 module-not-found failed to locate MIB module `IIQ3000-MIB'
-:0 1 module-not-found failed to locate MIB module `WESTELL-GENERAL-MIB'
The Current Path is: C:\Program Files\Wireshark\snmp\mibs;d:\documents and
setti
ngs\802245920\Application Data\Wireshark\snmp\mibs
1. \Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN
capture)
2. \Device\NPF_{D7EC7146-8F22-4100-9266-C3DBA0635F2B} (Bluetooth PAN Driver)
3. \Device\NPF_{9BFE26BD-9D7C-4626-85FC-8E4D43EF6279} (Intel(R) PRO/Wireless
220
0BG Network Connectio)
4. \Device\NPF_{18BB2664-5848-4373-BE0F-5D0DD7B99C29} (NOC Extranet Access
Adapt
er)
5. \Device\NPF_{753D735C-9562-40B8-82DD-996825D6E661} (Broadcom NetXtreme
Gigabi
t Ethernet Driver)
H:\Windump>windump -D
1.\Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN capture)
2.\Device\NPF_{D7EC7146-8F22-4100-9266-C3DBA0635F2B} (Bluetooth PAN Driver)
3.\Device\NPF_{9BFE26BD-9D7C-4626-85FC-8E4D43EF6279} (Intel(R) PRO/Wireless
2200
BG Network Connectio)
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
