Wireshark locks up some Windows 2000 systems

This issue was migrated from bug 3270 in our old bug tracker.

Original bug information:

Reporter: quartz12h
Status: RESOLVED FIXED
Product: Wireshark
Component: GTK+ UI
OS: Windows 2000
Platform: x86
Version: 1.0.1

Attachments:

win2ksp4.nfo: msinfo32 .nfo from PC exhibiting bug 3270
nfo.txt: Windows SP4 info
VS6.0debug-results-3270.txt: VS 6.0 debug results for bug 3270

quartz12h said:

Build Information:

I cannot provide such information, it won't start.

It is the 1.0.6 for windows. Just downloaded TODAY (feb. 21st 2009).

I used to use wireshark 1.0.0 in the past without problems.
In presence of sygate personal firewall and AVG antivirus.
Now it doesn't work. I installed the latest 1.0.6 and it still freezes on start.
Process explorer show 100% cpu in kernel, and I cannot kill this task, I cannot even shutdown the PC gracefully. I have to reset or power down!

Changes:

I recently removed a PPPoe stack because I now have a router.

I get the AVG updates but I installed it without the http scanner and without the firewall (with special arguments to their setup.exe program, and it really doesn't install any net interceptor).

I didn't changed any of the sygate firewall settings. It should not interfere more nor less than before.

I also tuned my PC MTU from 1500 own to 1454 with TCP IP optimizer
(http://www.speedguide.net/downloads.php) and the receive window is 260176.
Dunno if that matters to you, but there it is. I can provide more abotu the tcp ip stack if I can find it.

That's the only changes in this PC. Wireshark barely show the small splash screen and that's it, doesn't even repaint it when frozen (clearly loops infinitely without i/o of any kind).

Note that this is windows 2000 sp4, although, like I said, I used to run 1.0.0 without problems, so the OS isn't the sensitive part. I think the boot sequence of wireshark isn't immune to the abscence of something my pc recently stopped providing (or presence of something new...).

added oswindows uigtk version1.0 labels

Jaap Keuter said:

Do you have personal preferences left over from the 1.0.0. install? If so, can you remove them and see what happens? Are there any extra plugins which you've added (maybe for the 1.0.0 install?) If so, can you remove them and see what happens? What is you display color setting, how many colors are supported? There were problems in this area as well. Can you install a development build (1.1.2)? This one has more up to date (GTK+) libs, hence may have a solution for you as well.

quartz12h said:

I have true color 32 bits (who still doesn't...). I don't recall having ever added a plugin. But like I said, this 1.0.0 used to work. It's not like I made changes to it. I barely uses it, and when I do, I just capture and browse. Nothing fancy. I barely customized the split panes layout and the "remember window position". This morning it just decided to loop infinitely. Same for 1.0.6.

Can you tell me how to make sure I can kill such regenade process? Like a sandbox or something? I tried to run a standard user from the process explorer (sysinternals) but that didn't help me kill it. I'm tired of crashing my pc. I'm afraid w2k won't recover from such crash eventually.

In the mean time I will clear all the personal settings and try 1.1.2.

quartz12h said:

1.1.2 freezes too.

FYI, while trying the "tshark.exe -v", it freezes thr same way too (100% cpu kernel and can't kill). So, it doesn't look like a gui related bug of wireshark.

Also, in case you wonder, I deinstalled completely the winpcap too. So I currently have 1.1.2 with winpcap 4.0.2.

I don't know enough about debugging under windows to give you a core dump or a thread stack. I would need help for that.

quartz12h said:

Any progress on this blocker?

As far as I can tell, in this state, wireshark is a trojan that bring a machine to a crawl, rather than sniff packets... Have you changed the requirements? LOL!

Thanks.

Stephen Fisher said:

Assign a more appropriate severity of critical instead of blocker:

Blocker Blocks development and/or testing work Critical crashes, loss of data, severe memory leak Major major loss of function Normal regular issue, some loss of functionality under specific circumstances Minor minor loss of function, or other problem where easy workaround is present Trivial cosmetic problem like misspelled words or misaligned text

shem said:

I have exactly the same problem on the same OS, Windows 2000 sp4. I can't get past the splash screen.


I first installed 1.04, default installation. On startup got the splash screen 0% and then endless high cpu utilization. I have dual socket system, switching affinity to 1 cpu gave 100% utilization. Also could not kill the program, had to restart my machine.

Downloaded the latest 1.06, defualt installation, and same problem.

On my XP Laptop it works fine.

Jaap Keuter said:

(Just a shot in the dark) What if you uninstall WinPcap only? You'll end up with Wireshark without capture capability, but as a test it's informative.

shem said:

I just tried that, no change. Same result with 1.1.2

shem said:

I have downloaded previous version of Wireshark to try those. It wasn't until I got to 1.0.0 that it manged to get pass the splash screen.

quartz12h said:

Thanks for the tip. 1.0.0 works for me too. So, something bad is in 1.0.1...

Spyrus said:

I changed the version to 1.0.1 to where the problem begins. I have also Windows 2000 SP4 + all updates. Any progress? What has happened beyond 1.0.0, which works like a charm?

J. Michael Milner said:

I can confirm the same behavior with my fully patched win2k sp4 system with version 1.0.7. As others have reported, once started, wireshark can't be killed and uses 100% CPU. I've used Ethereal in the past but decided to update. I'll go back to 1.0.0 and hope that it works well enough for my modest needs.

Gerald Combs said:

Can someone experiencing this problem provide more detail about their environment? I can't duplicate it on a freshly-installed Windows 2000 SP4 VM.

J. Michael Milner said:

Created attachment 2973 msinfo32 .nfo from PC exhibiting bug #3270 (closed)

Spyrus said:

Created attachment 3081 Windows SP4 info

Alan said:

I'm using Win2k SP4.

Just installed Wireshark 1.21 and when started it brought up a small blank window, used 96% of my CPU and did nothing else. Process Explorer can't kill it -- reports "Access denied". Had to do a power off to exit Windows and caused disk errors in the process.

I was foolish enough to try again with identical results.

Since there has been no progress made on this in the last 7 months and several versions, how about providing a warning on the download page? This is a very unpleasant and potentially dangerous bug.

Alexander Goomenyuk said:

It is looks like not a Wireshark bug.

When I rollback to the gnutls-1.6.1-1 it will worked fine for me.

The application freezing in calling gnutls_global_init(); function in the epan_init() of \epan\epan.c;

The problem has been faced with WireShark-1.1.3 and gnutls-2.6.4-1;

Spyrus said:

(In reply to comment #17)  
> It is looks like not a Wireshark bug.  
>  
> When I rollback to the gnutls-1.6.1-1 it will worked fine for me.  
>  
> The application freezing in calling gnutls_global_init(); function in the  
> epan_init() of \epan\epan.c;  
>  
> The problem has been faced with WireShark-1.1.3 and gnutls-2.6.4-1;  

Sorry, but you are on a Linux?