After a while that wireshark is capturing packets and showing them in realtime it stops identifying them correctly and reports them to be just ethernet. pressing the "refresh" button (that is not clickable while capturing unfortunately) makes it recalculates the trace and shows the correct packet interpretation. his was not happening with wireshark 1.4.6 Reproducible: Always Steps to Reproduce: 1.start capturing 2.wait for a random time (5-10 min usually) 3. Actual Results: packets are identified as ethernet (white background) (Note: some times not all ethernet packets are shown) Expected Results: packets should be correctly dissected emerge --info Portage 2.1.9.42 (default/linux/amd64/10.0/desktop, gcc-4.4.5, libc-0-r0, 2.6.38-gentoo-r6 x86_64) ================================================================= System uname: Linux-2.6.38-gentoo-r6-x86_64-AMD_Phenom-tm-_II_X4_945_Processor-with-gentoo-2.0.2 Timestamp of tree: Wed, 29 Jun 2011 06:30:01 +0000 ccache version 2.4 [disabled] app-shells/bash: 4.1_p9 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.1-r1, 3.1.3-r1 dev-util/ccache: 2.4-r9 dev-util/cmake: 2.8.4-r1 dev-util/pkgconfig: 0.25-r2 sys-apps/baselayout: 2.0.2 sys-apps/openrc: 0.8.2-r1 sys-apps/sandbox: 2.4 sys-devel/autoconf: 2.13, 2.65-r1 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.5 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.2.10 sys-devel/make: 3.82 sys-kernel/linux-headers: 2.6.36.1 sys-libs/glibc: 2.12.2 virtual/os-headers: 0 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA PUEL dlj-1.1 skype-eula googleearth AdobeFlash-10.1" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=k8 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs candy distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch usersandbox" FFLAGS="" GENTOO_MIRRORS="http://distfiles.gentoo.org" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en it" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X a52 aac acl acpi aften akode alsa amazon amd64 amr amrnb amrwb animgif audiofile branding bzip2 cairo ccache cdr cleartype cli consolekit cracklib crypt cscope cups curl cxx dbus dri dts dvd dvdr ebook encode exif fam ffmpeg firefox flac foomaticdb gcrypt gd gdbm gdu gif gimp gkrellm gpm gsm gtk hardened iconv imagemagick ipod java java6 jpeg lame lcms libgcrypt libssh2 logrotate loop-aes mad matroska mmx mmxext mng modules mp3 mp4 mpeg mpeg2 mplayer mudflap multilib musepack musicbrainz ncurses nls nptl nptlonly nsplugin ogg opencore-amr opengl openmp openssl opensslcrypt pam pango pcre pdf perl phonon plasma png policykit ppds pppd python qt3support qt4 readline samba sdl session smp sndfile speex spell sql sqlite3 sse sse2 sse3 sse4.1 sse4.2 sse4a sse5 ssl startup-notification subversion svg svnserve swat sysfs syslog tcpd theora tiff truetype udev unicode usb v4l v4l2 vorbis webkit x264 xcb xcomposite xinerama xml xorg xscreensaver xulrunner xv xvid zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en it" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="vesa radeonhd vga" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Could you, please, report this bug upstream? http://bugs.winehq.org/
Hi Peter, should i report in to wine?
Err, sure now. That was firefox substitution :) Bugzilla is here: https://bugs.wireshark.org/
i will try to report that, although i noticed that same happen with 1.4.6-r1 (just downgraded) after a while the packets are wrongly interpreted and it mess up also reception time (setting it in the future)... I'll try to downgrade to another version in order to spot the version that introduced this bug...
an update: launching from console i see these warnings: [Errno 2] No such file or directory: '/usr/lib64/wireshark/python/1.4.4/wspy_dissectors' 15:19:02 Warn Error "Less data was read than was expected" while reading: "/tmp/wiresharkXXXX4cUhHI" 15:19:03 Warn Error "File contains a record that's not valid" while reading: "/tmp/wiresharkXXXX4cUhHI" 15:19:04 Warn Error "File contains a record that's not valid" while reading: "/tmp/wiresharkXXXX4cUhHI" 15:19:05 Warn Error "File contains a record that's not valid" while reading: "/tmp/wiresharkXXXX4cUhHI" 15:19:06 Warn Error "File contains a record that's not valid" while reading: "/tmp/wiresharkXXXX4cUhHI" and then... 15:19:48 Warn Error "File contains a record that's not valid" while reading: "/tmp/wiresharkXXXX4cUhHI" 15:19:49 Warn Error "Less data was read than was expected" while reading: "/tmp/wiresharkXXXX4cUhHI" at this point it seems to stop interpreting correctly... running as user or superuser makes no difference also wshark 1.4.4 seems to show this behaviour as well. I wonder if something else on my system is breaking this... Now will try to compile wireshark from source
compiling 1.4.7 from sources (./configure --prefix=/home/user/ws147) seems to be working no warnings in console and capturing seems to be going just fine. So i suspect it not to be an upstream bug.
Probably compiling from the console you've got different configuration. Please, attach both build outputs, with build from console (without this bug) and build.log (with this bug).
Hi Peter, an update... even 1.4.7 from sources in the end gave the same error (it took just half an hour instead of a few mins) 1.6.0 although seems to be fine. I found these posts on wireshark bugzilla... that indicates zlib 1.2.5 as a possible culprit, specifically some gentoo modification to zlib.h https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5059 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5818 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4955 unfortunately downgrading from zlib 1.2.5 seems to be quite painful at the moment on my system. since 1.6.0 is going fine (finger crossed) i think it should be at least unmasked if not stabilized... or zlib-1.2.5 should be fixed/masked... wireshark is unusable other way :(
another update: i've been capturing for hours now and 1.6.0 works just fine with zlib-1.2.5-r2. No problems, no warnings, etc.
1.6.2 in tree. Thank you for report.