Hi. Recently I am getting the below error when I try to open a new trace: "An unhandled win32 exception occurred in Wireshark.exe". Can someone help me please?
mark
asked 04 Dec '14, 01:53 MarkFaenza
One Answer:
Submitted as bug 10755; a fix has been committed on the trunk and in the 1.12 branch, so the next 1.12.x release should fix this.
answered 05 Dec '14, 13:17 Guy Harris ♦♦
What is the Wireshark version, OS version and how big is the capture file?
hi graham
thanks a lot for your reply. Answers below:
Version = Version 1.12.2 (v1.12.2-0-g898fa22 from master-1.12)
Windows 7
file size 40MB
Nothing odd there, can you run the command line tool capinfos.exe (in the same directory as Wireshark.exe) on the capture and post the output as another comment, e.g.
I am sorry, I don't seem to have capinfos.exe :(
Should be installed right alongside Wireshark.exe, maybe you unselected the "Tools" component (or Capinfos in that section) when you installed Wireshark. Can you reinstall with the "Tools" option selected?
Sure graham, let me try and will advise. Thanks a lot
I just added a screenshot, can you confirm if I am doing it good?
Close, assuming that Wireshark is installed in "C:\Program Files", then the command is:
"C:\Program Files\Wireshark\capinfos.exe" "Desktop\Justin Ticket\am1slc02-mgmt-DCA-igb0-1409831942"
The quotes are required as the paths have spaces in them. Also the best method for displaying the output of text programs is to copy the text. Right click the cmd window, select "Mark" from the context menu, left mouse down at the start of the text, drag the mouse to highlight all the required text, let the mouse button go, and then hit "Enter" to copy the text to the clipboard. The clipboard text can then be pasted directly into your comment (or answer, if it is an answer).
hi graham
Thanks again :) Can you check the screenshot that I am uploading now please.
I think we need to add an option when using capinfos.exe as I tried to run it alone and it asked for options.
mark
No, you don't need to give it an option, you need to give it the pathname of a file that actually exists; as the message says, there's no such file as C:\Users\markf\am1slc02.
thanks again for your patience.
Today I tried doing the below:
cd "C:\Program Files\Wireshark"
Then
capinfos.exe "C:\Users\markf\am1slc02"
After I do that it's telling me no such file or directory and I am 100% sure that the file is in that location.
I will attach a screenshot showing the error and the file in the correct location /Users/markf/am1slc02
thanks a lot
I doubt the file's name is just "am1slc02", as Windows is displaying an icon for it, and Windows Explorer will omit the extension if it knows it.
It's probably "am1slc02.pcap" or "am1slc02.pcapng" or something such as that. Try right-clicking on it in Windows Explorer, pop up the Properties dialog, and select "Details"; that should show the full name, including the extension.
On the command line, you need to pass the full file name, including the extension.
Stupid me :)
It was .snoop
Below is the result from capinfos
What happens if you run, in that directory:
(with 100 packets, it could print a lot of data out - but if it crashes with an exception, that would indicate that there's a bug somewhere in the packet dissection code (which is shared by Wireshark and TShark)).
Hmmm, seems to be running fine and it's still running...
Shall I stop it?
As in it's still producing output? If so, yes, Ctrl + C should stop it.
OK, I just stopped it.
Any more ideas what I can do to solve the issue please?
Let me send you a screenshot of what happens when I try to open a new trace
mark
The capture appears to be triggering a bug in Wireshark. The tests with capinfos show that it seems to be a valid capture file, but when Wireshark inspects the contents in detail the bug is triggered.
If you can share the capture that causes the issue with the Wireshark developers you can raise an entry at the Wireshark Bugzilla and attach the capture. In the advanced options you can mark the bug and attachment as private to restrict public access.
If you can't share the capture then you will have to debug it yourself. You can try using editcap (in the same place as Wireshark and capinfos) to split the capture file into chunks and then open each chunk to find where it crashes, e.g.
editcap -c 5000 path\to\capture\file path\to\output\file
will split the capture into capture files of 5K packets each.
Thanks graham, I will take it with Bugzilla
mark
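
The chunk-by-chunk check suggested in the last comment, automated as an added example (not code from the thread or from the Wireshark project). It assumes `editcap` and `tshark` are on the PATH and uses TShark's `-r`/`-V` full dissection in place of opening each chunk in Wireshark, since the two share the dissection code; the function names are hypothetical.

```python
import glob
import os
import subprocess
import sys

def dissects_cleanly(path, tshark="tshark"):
    """Fully dissect a capture with TShark (-V); a crash or error gives a nonzero exit."""
    result = subprocess.run([tshark, "-r", path, "-V"],
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0

def split_capture(capture, out_dir, per_chunk=5000, editcap="editcap"):
    """Split with `editcap -c` as in the thread and return the chunk paths in order.
    editcap appends _NNNNN_<timestamp> to the output name, so a sorted glob is in order."""
    subprocess.run([editcap, "-c", str(per_chunk), capture,
                    os.path.join(out_dir, "chunk")], check=True)
    return sorted(glob.glob(os.path.join(out_dir, "chunk_*")))

def failing_chunks(chunks, per_chunk=5000, check=dissects_cleanly):
    """Return (chunk, first_packet, last_packet) for every chunk that fails the check.
    Packet numbers refer to the original capture; the final chunk may be shorter."""
    bad = []
    for index, chunk in enumerate(chunks):
        if not check(chunk):
            first = index * per_chunk + 1
            bad.append((chunk, first, first + per_chunk - 1))
    return bad

if __name__ == "__main__":
    # Usage (assumed layout): python find_bad_chunk.py <capture> <existing output dir>
    capture, out_dir = sys.argv[1], sys.argv[2]
    for chunk, first, last in failing_chunks(split_capture(capture, out_dir)):
        print(f"{chunk}: original packets {first}-{last} fail dissection")
```

A chunk that fails here is a smaller file to attach to a private bug report; if no chunk fails but the whole capture does, the crash may depend on state built up from packets in an earlier chunk.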