This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Mac OS 10.9 Mavericks: Wireshark always crash right after I started the capture

0

Hello everyone, I've been desperate trying to start my Wireshark app (1.10.4) on my macbook air (mid 2012 model) with no luck in the past one month.

Before upgrading my OS, my wireshark has been working great with Mac OS 10.8 (mountain lion).

I already updated my X11 to the latest 2.7.5 and using the stable wireshark 1.10.4 build. I kept getting this crash report below. Any help and tips on how can i get my wireshark to fine again with this Maverick? Thanks in advance.

Process:         wireshark-bin [1088]
Path:            /Applications/Wireshark.app/Contents/Resources/bin/wireshark-bin
Identifier:      wireshark-bin
Version:         ???
Code Type:       X86-64 (Native)
Parent Process:  Wireshark [1086]
Responsible:     Wireshark [1086]
User ID:         501

Date/Time: 2013-12-18 02:49:27.418 -0800 OS Version: Mac OS X 10.9 (13A603) Report Version: 11 Anonymous UUID: 54F7A740-4C2F-21DE-DDDF-5E227B204FE6

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000004

VM Regions Near 0x4: –> __TEXT 0000000100000000-00000001001e1000 [ 1924K] r-x/rwx SM=COW /Applications/Wireshark.app/Contents/Resources/bin/wireshark-bin

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libwireshark.3.dylib 0x00000001006fce25 dissect_ieee80211_common + 9589 1 libwireshark.3.dylib 0x00000001006ed188 dissect_ieee80211 + 40 2 libwireshark.3.dylib 0x0000000100390ea2 call_dissector_work + 322 3 libwireshark.3.dylib 0x0000000100390ff2 call_dissector_with_data + 50 4 libwireshark.3.dylib 0x00000001006e5319 dissect_radiotap + 9113 5 libwireshark.3.dylib 0x0000000100390ea2 call_dissector_work + 322 6 libwireshark.3.dylib 0x0000000100391d90 dissector_try_uint + 96 7 libwireshark.3.dylib 0x0000000100623761 dissect_frame + 3665 8 libwireshark.3.dylib 0x0000000100390ea2 call_dissector_work + 322 9 libwireshark.3.dylib 0x0000000100390ff2 call_dissector_with_data + 50 10 libwireshark.3.dylib 0x0000000100392966 dissect_packet + 486 11 libwireshark.3.dylib 0x00000001003868f1 epan_dissect_run_with_taps + 65 12 wireshark-bin 0x0000000100015329 add_packet_to_packet_list + 249 13 wireshark-bin 0x00000001000169ee read_packet + 382 14 wireshark-bin 0x0000000100016b87 cf_continue_tail + 375 15 wireshark-bin 0x000000010000e989 capture_input_new_packets + 57 16 wireshark-bin 0x000000010000bd7d sync_pipe_input_cb + 509 17 wireshark-bin 0x000000010006446d pipe_input_cb + 29 18 libglib-2.0.0.dylib 0x00000001057cdbe6 g_io_unix_dispatch + 182 19 libglib-2.0.0.dylib 0x000000010575ef70 g_main_dispatch + 496 20 libglib-2.0.0.dylib 0x000000010575fe94 g_main_context_dispatch + 52 21 libglib-2.0.0.dylib 0x0000000105760100 g_main_context_iterate + 592 22 libglib-2.0.0.dylib 0x0000000105760688 g_main_loop_run + 568 23 libgtk-x11-2.0.0.dylib 0x0000000104b7dc3f gtk_main + 255 24 wireshark-bin 0x000000010006c498 main + 5656 25 wireshark-bin 0x0000000100001f54 start + 52

asked 18 Dec ‘13, 02:58

ajlearning's gravatar image

ajlearning
11112
accept rate: 0%

edited 18 Dec ‘13, 12:59

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196


One Answer:

0

Looks like a crash in the 802.11 dissector (and probably not Mavericks-specific, except to the extent that Mavericks might be sending traffic that happens to trigger the bug).

If, right after Wireshark crashes, you open up a Terminal window and do

ls -lt $TMPDIR/wireshark* | head -1

and make a copy of the file that shows up in that list (using the cp command, for example

cp /var/folders/r6/7c10vwy92374jygh41f9d1k00000gn/T//wireshark_pcapng_en0_20131218130228_0jnr9Z ~/Desktop/crashes.pcapng

Note that the command must be all on one command line. That command will put a copy of the file on your desktop, named crashes.pcapng), and then try to open the capture in Wireshark, it'll probably crash Wireshark.

If it crashes Wireshark, then submit a bug at the Wireshark Bugzilla, and attach the capture file; you can mark it as "private" if you don't want anybody other than the core Wireshark developers to be able to see the capture file (and the packets in it).

answered 18 Dec '13, 13:07

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Thank you a bunch, Guy for the tips. I just filed my issue here at the Wireshark Bugzilla and attached the suggested file. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9582

(18 Dec '13, 23:54) ajlearning