There is NO WARRANTY not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. This is free software see the file named COPYING in the distribution. Licensed under the terms of the GNU General Public License (version 2 or later). Copyright 1998-2022 Gerald Combs and contributors. Packet_that_causes_the_sharks_to_lock_up.pcap Relevant logs and/or screenshots Single packet pcap that can trigger wireshark and tshark to lockup when the smtp dissector is enabled: Wireshark and tshark should dissect all the packets. Wireshark and tshark become completely non-responsive when they encounter certain packet payloads. When the smtp dissector is enabled, Wireshark or tshark will need to be terminated manually (Ctrl-C, Ctrl-Break, abort, Force Quit, TaskManager, etc). % tshark -enable-protocol smtp -r packet_that_causes_the_sharks_to_lock_up.pcap.% wireshark -enable-protocol smtp -r packet_that_causes_the_sharks_to_lock_up.pcap.Now attempt to read the pcap with the smtp dissector enabled: % tshark -disable-protocol smtp -r packet_that_causes_the_sharks_to_lock_up.pcap.% wireshark -disable-protocol smtp -r packet_that_causes_the_sharks_to_lock_up.pcap.When working with the attached pcap file (packet_that_causes_the_sharks_to_lock_up.pcap), the non-responsive behavior is easier to deal with if Wireshark or tshark is started in a CLI:įirst verify that the pcap can be successfully displayed if the "smtp" dissector is disabled: One must use a version of Wireshark that includes commit bf26f538 - "wiretap: Do not silently limit capture length". Wireshark and tshark become non-responsive when reading certain types of packets.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |