while latest Ethereal 0.9.15 normally works like a charm for us (thanks so much), it chokes on some capture files when doing RTP Analysis. It writes to /tmp/ethereal_rtp_fwdXXXXetzbX1 "endlessly", i.e. until it hits a limit (like the 2GB filesize limit on my machine) and dies.
A sample 2-packet capture file that triggers this problem can be found at:
http://user.blue-cable.de/~anders/download/rtp.bin.gz
(you may have to use "Decode As" to decode as RTP)
I suspect that this may have to do with the RTP sequence numbers being 0 in both packets. Even if so: shouldn't Ethereal handle this more gently?
My environment:
foo# ethereal -v ethereal 0.9.15 Compiled with GTK+ 1.2.10, with GLib 1.2.10, with libpcap 0.7, with libz 1.1.4, with Net-SNMP 5.0.9, without ADNS Running on Linux 2.4.19-4GB foo#
This is reproducible with similar capture files (RTP traffic with the same device) and other Ethereal installations (and versions) on different machines.
Your feedback is highly appreciated.
Best regards, Thomas
-- Thomas Anders (thomas.anders at blue-cable.de)
