Ubuntu
wireshark package

wireshark/tshark promiscuous capture on wireless interface locks up machine

Bug #289986 reported by Gregory Gleason
8
Affects Status Importance Assigned to Milestone
wireshark (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: wireshark

# lsb_release -rd
Description: Ubuntu 8.04.1
Release: 8.04
# uname -a
Linux greglap 2.6.24-21-generic #1 SMP Mon Aug 25 17:32:09 UTC 2008 i686 GNU/Linux
# apt-cache policy wireshark
wireshark:
  Installed: 1.0.2-1~hardy1
  Candidate: 1.0.2-1~hardy1
  Version table:
 *** 1.0.2-1~hardy1 0
        500 http://us.archive.ubuntu.com hardy-backports/universe Packages
        100 /var/lib/dpkg/status
     1.0.0-1 0
        500 http://us.archive.ubuntu.com hardy/universe Packages
root@greglap /var/log
# apt-cache policy wireshark-common
wireshark-common:
  Installed: 1.0.2-1~hardy1
  Candidate: 1.0.2-1~hardy1
  Version table:
 *** 1.0.2-1~hardy1 0
        500 http://us.archive.ubuntu.com hardy-backports/universe Packages
        100 /var/lib/dpkg/status
     1.0.0-1 0
        500 http://us.archive.ubuntu.com hardy/universe Packages

If I use either wireshark as root from menu, or tshark as root user, it seems the first frame captured in promiscuous mode locks up my entire machine. My mouse is frozen, and I cannot kill the X server with the keyboard or switch to another terminal. I'm using a thinkpad R61 with the following internal wireless nic:
# lspci|grep -i wireless
03:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)

I tried the Alt+SysRq+1 followed by Alt+SysRq+t but it generated no output and did not write to /var/log/kern.log

The only entry during the failure of kern.log was the following:
Oct 27 11:19:23 greglap kernel: [ 76.762581] eth1: no IPv6 routers present
here we go
Oct 27 11:54:23 greglap kernel: [ 182.285182] device eth1 entered promiscuous mode
Oct 27 11:54:23 greglap kernel: [ 182.285200] audit(1225130063.580:3): dev=eth1 prom=256 old_prom=0 auid=4294967295
Oct 27 11:56:28 greglap kernel: Inspecting /boot/System.map-2.6.24-21-generic

The last line is the system booting up after failure and after hard power down.

I've attached a picture of what I see on the console when it locks up.

Revision history for this message
Gregory Gleason (gsgleason) wrote :
Revision history for this message
Gregory Gleason (gsgleason) wrote :

This happens in wireshark as well as tshark. For testing, to use a text console, I used tshark:
$ apt-cache policy tshark
tshark:
  Installed: 1.0.2-1~hardy1
  Candidate: 1.0.2-1~hardy1
  Version table:
 *** 1.0.2-1~hardy1 0
        500 http://us.archive.ubuntu.com hardy-backports/universe Packages
        100 /var/lib/dpkg/status
     1.0.0-1 0
        500 http://us.archive.ubuntu.com hardy/universe Packages

Revision history for this message
Dave Turvene (dturvene) wrote :

Complete system lockup happens to me on a Dell M1530 with an Intel 3945 wireless card running 8.0.4 with a recently installed wireshark:

> apt-cache policy wireshark
wireshark:
  Installed: 1.0.0-1
  Candidate: 1.0.0-1
  Version table:
 *** 1.0.0-1 0
        500 http://us.archive.ubuntu.com hardy/universe Packages
        100 /var/lib/dpkg/status

Don't know why the original bug report is at a higher level (wireshark 1.0.2-1)

The root problem is in dumpcap. Running it without going into promisc mode works fine.

Revision history for this message
Gregory Gleason (gsgleason) wrote :

upgrading to 8.10 resolved issue. Please close.

Revision history for this message
Jaime Carpenter (j.carpenter) wrote :

I am having the same problem with Hardy 8.04.1. Since Hardy is an LTS version, I do not believe this issue should be closed by recommending that a user upgrade to 8.10.

This is on a Dell D520 using iwl3945.

Revision history for this message
Hew (hew) wrote :

This bug report is being closed due to your comment regarding this being fixed with an update. For future reference you can manage the status of your own bugs by clicking on the current status in the yellow line and then choosing a new status in the revealed drop down box. You can learn more about bug statuses at https://wiki.ubuntu.com/Bugs/Status . Thank you again for taking the time to report this bug and helping to make Ubuntu better. Please submit any future bugs you may find.

Changed in wireshark (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.