Re: [Wireshark-dev] Err when using a pipe

2012-03-04 Thread vijay 
I digged in bit further and found where the SIGSEV is signaled. Its coming
from the p_stats(). Here is what i got in gdb

[New Thread 0xb78acb70 (LWP 3668)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb78acb70 (LWP 3668)]
0x00f6f433 in pcap_stats () from /usr/lib/libpcap.so.0.8

looks like the seg-fault if thrown by libpcap.

Has anyone else experianced the similar thing while using Wireshark 1.6.5
(im running it in Ubuntu on VirtualBox)?
I got this when i start wireshark from the command line through: *./wireshark
-k -i /tmp/pipe*

It waits for any input from the pipe and when i did cat capturefile.pcap 
/tmp/pipe, wireshark displayed the contents partially (97 pckts out of 110)
and crashed with *Segmentation fault*.





On Fri, Mar 2, 2012 at 7:33 PM, vijay vijay.prasa...@gmail.com wrote:

 Hi,

 I start wireshark from command line : sudo ./wireshark -k -i /tmp/pipe

 I have a capture dump in libpcap format which i wite into the pipe
 (/tmp/pipe) after starting wireshark. Everytime i do this wireshark
 displays the contents of the file but at the end it shows segmentation
 fault. The capture file is from my previous run of wireshark saved in
 libpcap format.

 Wireshark perfectly works with the same file when open though GUI. I am
 using wireshark 1.6.5 on linux. Could some one pls tell me
 why this behavior occurs?

 Thanks
 Vijay

___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Wireshark and NetMon (was Re: Frame comments in Microsoft Network Monitor)

2012-03-04 Thread Guy Harris 

On Mar 3, 2012, at 10:56 PM, Krishnamurthy Mayya wrote:

 And ya, the final question i did not make it very clear. Hardware 
 dependencies in the sense that kind of device drivers ar network adapetrs 
 (NICs) a sustem has. I done really know whether the packet capturing 
 softwares have anything to do with these hardware modules. So, wanted to 
 understand.

Well, a driver is a software module, not a hardware module, but:

with the NDIS 5-based WinPcap, the driver for a Wi-Fi adapter will 
govern what happens in promiscuous mode - will it be able to go into 
promiscuous mode, and will it capture any traffic if it does (I'm not sure 
whether any drivers support it);

with the NDIS 6-based mechanism NetMon uses on Windows Vista and later, 
the driver for a Wi-Fi adapter will govern whether monitor mode is supported - 
if the driver is an NDIS 6 driver that supports Native Wi-Fi *including* 
monitor mode, you will be able to capture in monitor mode with NetMon, 
otherwise not.

If monitor or promiscuous mode doesn't work, you will probably be able to 
capture, on a Wi-Fi adapter with promiscuous mode turned off, traffic sent by 
and received by the machine running {WinDump, Wireshark} or NetMon, but that's 
it.

As for non-Wi-Fi network adapters:

most if not all Ethernet drivers should support promiscuous mode (but 
that would also require a network tap or port mirroring or something such as 
that on a switched network);

if you're on an Ethernet network with VLANs, the driver and adapter 
might have to be configured to show you VLAN tags if you want to capture 
traffic and see the VLAN tags (which would, I think, be the same with WinPcap 
and with NetMon).
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Err when using a pipe

2012-03-04 Thread Guy Harris 

On Mar 4, 2012, at 2:23 AM, vijay wrote:

 I digged in bit further and found where the SIGSEV is signaled. Its coming 
 from the p_stats(). Here is what i got in gdb
 
 [New Thread 0xb78acb70 (LWP 3668)]
 
 Program received signal SIGSEGV, Segmentation fault.
 [Switching to Thread 0xb78acb70 (LWP 3668)]
 0x00f6f433 in pcap_stats () from /usr/lib/libpcap.so.0.8

Is this in Wireshark or in dumpcap?  The only code I can find in the top of the 
1.6 branch that calls pcap_stats() is in dumpcap.

And what's the full stack trace?
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] QtShark Translation

2012-03-04 Thread Joerg Mayer 
Hello Alexis,

nice piece of work. I have one annotation and one question:

You might try the following instructions for cmake:
http://www.cmake.org/Wiki/CMake:How_To_Build_Qt4_Software
but I'd be willing to do this once internationalization is committed.

While looking at the translation file: It seems to contain the line numbers
of the english original - does this mean the translation will fail if the
line numbers change because someone makes changes to the code?

Thanks
   Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.


Qtshark-translation-in-French.patch
Description: Binary data
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Err when using a pipe

2012-03-04 Thread vijay 
This is from dumpcap. Here is the complete stack. It occurring *while
writing the IDB*

#0  0x00ac7433 in pcap_stats () from /usr/lib/libpcap.so.0.8
#1  0x080513de in libpcap_write_interface_statistics_block (fp=0x805af70,
interface_id=0, pd=0x0, bytes_written=0x80572fc, err=0xbfffd2a8) at
pcapio.c:472
#2  0x080501c8 in capture_loop_close_output (stats_known=value optimized
out, stats=value optimized out, capture_opts=value optimized out) at
dumpcap.c:2467
#3  capture_loop_start (stats_known=value optimized out, stats=value
optimized out, capture_opts=value optimized out) at dumpcap.c:3127
#4  0x08051224 in main (argc=value optimized out, argv=value optimized
out) at dumpcap.c:3916

And one more important stuff i could figure out is that this segmentation
fault occurs only when *wireshark is capturing in PCAPNG forma*t.
I c*hanged the capture format to LIBPCAP and it worked fine*.

The wireshark wiki tells that the capture file being used with pipe should
be in LIBPCAP format and *my capture file is in LIBPCAP* only. Only
wireshark capture format is PCAPNG.


On Sun, Mar 4, 2012 at 3:27 PM, Guy Harris g...@alum.mit.edu wrote:


 On Mar 4, 2012, at 2:23 AM, vijay wrote:

  I digged in bit further and found where the SIGSEV is signaled. Its
 coming from the p_stats(). Here is what i got in gdb
 
  [New Thread 0xb78acb70 (LWP 3668)]
 
  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0xb78acb70 (LWP 3668)]
  0x00f6f433 in pcap_stats () from /usr/lib/libpcap.so.0.8

 Is this in Wireshark or in dumpcap?  The only code I can find in the top
 of the 1.6 branch that calls pcap_stats() is in dumpcap.

 And what's the full stack trace?
 ___
 Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
 Archives:http://www.wireshark.org/lists/wireshark-dev
 Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

[Wireshark-dev] Wireshark compile options

2012-03-04 Thread James dsouza 
Hello,

I am new to Wireshark and want to use Wireshark with gprof which
requires it to be compiled with -pg option. Where should this option be
added so gcc
would build it with this option? I am not sure in which Make file and where
I should add this option. Thanks in advance.
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Wireshark compile options

2012-03-04 Thread ronnie sahlberg 
CFLAGS=-pg ./configure

should do the trick


On Sun, Mar 4, 2012 at 3:14 PM, James dsouza james.dso...@gmail.com wrote:
 Hello,

     I am new to Wireshark and want to use Wireshark with gprof which
 requires it to be compiled with -pg option. Where should this option be
 added so gcc
 would build it with this option? I am not sure in which Make file and where
 I should add this option. Thanks in advance.





 ___
 Sent via:    Wireshark-dev mailing list wireshark-dev@wireshark.org
 Archives:    http://www.wireshark.org/lists/wireshark-dev
 Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Err when using a pipe

2012-03-04 Thread Jeff Morriss 

On 03/04/2012 05:28 PM, vijay wrote:

This is from dumpcap. Here is the complete stack. It occurring *while
writing the IDB*

#0  0x00ac7433 in pcap_stats () from /usr/lib/libpcap.so.0.8
#1  0x080513de in libpcap_write_interface_statistics_block
(fp=0x805af70, interface_id=0, pd=0x0, bytes_written=0x80572fc,
err=0xbfffd2a8) at pcapio.c:472
#2  0x080501c8 in capture_loop_close_output (stats_known=value
optimized out, stats=value optimized out, capture_opts=value
optimized out) at dumpcap.c:2467
#3  capture_loop_start (stats_known=value optimized out, stats=value
optimized out, capture_opts=value optimized out) at dumpcap.c:3127
#4  0x08051224 in main (argc=value optimized out, argv=value
optimized out) at dumpcap.c:3916

And one more important stuff i could figure out is that this
segmentation fault occurs only when *wireshark is capturing in PCAPNG
forma*t.
I c*hanged the capture format to LIBPCAP and it worked fine*.


See:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5939

It's scheduled to be fixed in 1.6.6.
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Err when using a pipe

2012-03-04 Thread Guy Harris 

On Mar 4, 2012, at 8:24 PM, Jeff Morriss wrote:

 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5939
 
 It's scheduled to be fixed in 1.6.6.

...and I backported the relevant part (a tiny fraction of the change 
responsible for fixing it in the trunk; that change added a bunch of new 
functionality, so it's not appropriate for the 1.6 branch in its entirety) to 
1.6 and checked it in.

I've also scheduled that change for the 1.4 branch.

___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe