Wireshark mailing list archives
Tshark crashes
From: "Alexander Papakhristos" <papakhr () marsat ru>
Date: Tue, 5 Mar 2013 17:52:48 +0400
Hello,

I began to use tshark as an exporter for raw traffic data to pdml format and have a problem: Tshark crashes on several files during export. I run it as

    tshark.exe -r <raw_traffic_file_path> -n -T pdml -V >out.xml

I've received the following error:

    Unhandled exception ("emem.c:792: failed assertion "size<((10 * 1024 * 1024)>>2)"", group=1, code=4)

After some kind of investigation, I found the problem appears when Tshark is writing (in pdml format) the packet containing field data.data (in any proto node) with a size of more than 2.5 MB.

Example (I've replaced non-important values with :):

    <proto name=": ">
      <field name="data" value=":">
        <field name="data.data" showname="Data:..." size="2754632" pos=":" show=": " value=":"/>
        <field name="data.len" showname="Length: 2754632" size="0" pos=":" show="2754632"/>
      </field>
    </proto>

How can I fix it? I can use a filter to exclude packets with data.len >2.5MB ("(data and data.len < 2500000) or !data") but that's not a very good solution. It seems tshark analyzes all packet fragments and writes the entire data to the first packet in the block. Is there any way to disable that behavior?

Thanks in advance.

With best regards,
Alexander
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe