Compiled (64-bit) using Clang 11.0.0 (clang-1100.0.33.16), with GLib 2.68.4, with PCRE2, with zlib 1.2.11, with Qt 6.2.4, with libpcap, without POSIX capabilities, with Lua 5.2.4, with GnuTLS 3.6.15 and PKCS #11 support, with Gcrypt 1.8.7, with Kerberos (MIT), with MaxMind, with nghttp2 1.46.0, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.9, with libsmi 0.4.8, with QtMultimedia, with automatic updates using Sparkle, with SpeexDSP (using system library), with Minizip, with binary plugins. There is NO WARRANTY not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. This is free software see the file named COPYING in the distribution.
Licensed under the terms of the GNU General Public License (version 2 or later). Copyright 1998-2022 Gerald Combs and contributors. Packet_that_causes_the_sharks_to_lock_up.pcap Relevant logs and/or screenshots Single packet pcap that can trigger wireshark and tshark to lockup when the smtp dissector is enabled: Wireshark and tshark should dissect all the packets. Wireshark and tshark become completely non-responsive when they encounter certain packet payloads. When the smtp dissector is enabled, Wireshark or tshark will need to be terminated manually (Ctrl-C, Ctrl-Break, abort, Force Quit, TaskManager, etc). % tshark -enable-protocol smtp -r packet_that_causes_the_sharks_to_lock_up.pcap.% wireshark -enable-protocol smtp -r packet_that_causes_the_sharks_to_lock_up.pcap.Now attempt to read the pcap with the smtp dissector enabled: % tshark -disable-protocol smtp -r packet_that_causes_the_sharks_to_lock_up.pcap.% wireshark -disable-protocol smtp -r packet_that_causes_the_sharks_to_lock_up.pcap.When working with the attached pcap file (packet_that_causes_the_sharks_to_lock_up.pcap), the non-responsive behavior is easier to deal with if Wireshark or tshark is started in a CLI:įirst verify that the pcap can be successfully displayed if the "smtp" dissector is disabled: One must use a version of Wireshark that includes commit bf26f538 - "wiretap: Do not silently limit capture length".
Wireshark and tshark become non-responsive when reading certain types of packets.
0 kommentar(er)
