ummeegge
(Erik Kapfer)
7 May 2021 07:14
1
Hi all,
tshark/dumpcap currently does not work and ends up with a
$ tshark -i red0
Running as user "root" and group "root". This could be dangerous.
Capturing on 'red0'
tshark: Child dumpcap process died: Segmentation violation
0 packets captured
Possibly it relies on dumpcap:
$ dumpcap
Capturing on 'green0'
[1] 6814 segmentation fault dumpcap
strace says:
futex(0x791ea60e29bc, FUTEX_WAKE_PRIVATE, 2147483647) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x5ad600ffffc0} ---
+++ killed by SIGSEGV +++
[1] 6864 segmentation fault strace dumpcap
tshark version is:
$ tshark --version
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.4.3 (Git commit 6ae6cd335aa9)
Does someone else have this problem too?
Best,
Erik
Hi Erik,
I just tried your command out on my IPFire VM testbed and did not get a seg fault.
# tshark -i red0
Running as user "root" and group "root". This could be dangerous.
Capturing on 'red0'
1 0.000000000 40:3f:8c:78:29:d4 → Broadcast 0x8899 60 Realtek Layer 2 Protocols
2 0.009782422 40:3f:8c:78:2b:df → Broadcast 0x8899 60 Realtek Layer 2 Protocols
3 0.690611541 192.168.26.200 → 192.168.26.32 TCP 286 222 → 55908 [PSH, ACK] Seq=1 Ack=1 Win=69 Len=220 TSval=1213938445 TSecr=3708698971
4 0.690782952 192.168.26.32 → 192.168.26.200 TCP 66 55908 → 222 [ACK] Seq=1 Ack=221 Win=501 Len=0 TSval=3708700547 TSecr=1213938445
5 1.003636614 40:3f:8c:78:29:d4 → Broadcast 0x8899 60 Realtek Layer 2 Protocols
6 1.005468285 192.168.26.32 → 239.192.152.143 LSD 179
7 1.005505696 fe80::2b78:99eb:5c12:80f6 → ff15::efc0:988f LSD 201
8 1.013527385 40:3f:8c:78:2b:df → Broadcast 0x8899 60 Realtek Layer 2 Protocols
9 1.238543680 192.168.26.200 → 192.168.26.32 TCP 390 222 → 55908 [PSH, ACK] Seq=221 Ack=1 Win=69 Len=324 TSval=1213938993 TSecr=3708700547
10 1.238752910 192.168.26.32 → 192.168.26.200 TCP 66 55908 → 222 [ACK] Seq=1 Ack=545 Win=501 Len=0 TSval=3708701095 TSecr=1213938993
My version message was exactly the same as yours.
Just tried it also on a hardware system and it worked exactly the same. No seg fault message.
Edit:
Tried the dumpcap command and no problem.
# dumpcap
Capturing on 'red0'
File: /tmp/wireshark_red0QA0B30.pcapng
Packets captured: 73
Packets received/dropped on interface 'red0': 73/0 (pcap:0/dumpcap:0/flushed:0/ps_ifdrop:0) (100.0%)
Looks like your problem is related to dumpcap for some reason.
Hi Erik,
Not sure if this has anything to do with your problem.
https://github.com/termux/termux-root-packages/issues/220
ummeegge
(Erik Kapfer)
7 May 2021 08:27
4
Hello Adolf,
Thanks for pointing that out. I have found that too, but as far as I can see this is Termux related. I use zsh but I do not use a terminal emulation; /tmp is also present.
Does the current new tshark-3.4.3 run on your platform?
Best,
Erik
Yes it was tshark-3.4.3 that I was using.
ummeegge
(Erik Kapfer)
7 May 2021 08:46
6
OK, thanks for checking it. Will take a look at what causes it on my platform.
Best,
Erik