Bug 397851 - Wireshark crashes when selecting capture interface
Summary: Wireshark crashes when selecting capture interface
Alias: None
Product: Fedora
Classification: Fedora
Component: wireshark
Version: 8
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Radek Vokal
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2007-11-24 14:10 UTC by Geert Jansen
Modified: 2011-03-24 04:30 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2007-12-19 19:13:31 UTC

Attachments (Terms of Use)
Error displayed on launching wireshark 1.0.8 or 1.4.4 (139.83 KB, image/png)
2011-03-24 04:30 UTC, Manoj
no flags Details

Description Geert Jansen 2007-11-24 14:10:16 UTC
Description of problem:

Wireshark crashes when selecting the capture interface through Capture ->
Interfaces. The output on the console is:

$ sudo wireshark 
wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server :0.0.

Gdk-ERROR **: The program 'wireshark' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadIDChoice (invalid resource ID chosen for this connection)'.
  (Details: serial 3503 error_code 14 request_code 53 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

Version-Release number of selected component (if applicable):


How reproducible:

Every time. The error message is sometimes a different:

$ sudo wireshark 
wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server :0.0.
wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server :0.0.

Steps to Reproduce:
1. sudo wireshark
2. click "Capture", and then "Interfaces"
3. crash
Actual results:

The program crashes.

Expected results:

A dialog to let you select the capture interface.

Additional info:

Comment 1 Geert Jansen 2007-11-24 14:19:07 UTC
When diagnosing a bit more, I believe I have found the problem. Wireshark uses
an external program called "dumpcap". It is looking for it in /usr/bin, but the
RPM puts it in /usr/sbin.


ln -s /usr/sbin/dumpcap /usr/bin/dumpcap

Comment 2 Radek Vokal 2007-11-25 21:33:07 UTC
Strange, I'm suspicious about your workaround. Wireshark is installed with
/usr/sbin patch and all binaries are located there (/usr/bin/wireshark is
consolehelper link). This works for me on Fedora 8, RHEL 5 and Fedora 6. 

Did you by any chance tried to install your own version of wireshark directly
from a source tarball? 

Which interface does it crash with? All of them? 

Comment 3 Geert Jansen 2007-12-02 13:54:15 UTC
First to answer your questions:

- I did not modify wireshark:

  $ rpm -q wireshark
  $ rpm -V wireshark | wc -l

- Wireshark crashes even before you can select the capture interface. Selecting
"Capture" and then "Interfaces" from the menu will lead to the crash immediately.

Secondly I did some more investigation:

After inspection of the wireshark source code it appears it looks for "dumpcap"
in the same directory as the wireshark executable. If wireshark is started with
an absolute path name, it takes the directory from argv[0]. If not, $PATH is
searched for the wireshark executable.

When running a command through sudo, only "/bin" and "/usr/bin" are in the path.
This means that wireshark cannot find its own executable, and bad stuff happens.

  $ sudo sh -c 'echo $PATH'

To confirm the hypothesis we can start wireshark with a full pathname and without:

  $ sudo /usr/sbin/wireshark
  # Select Capture -> Interfaces: no crash 

Starting wireshark without a full path name:

  $ sudo wireshark
  # Select Capture -> Interfaces: crash
  wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server :20.0.
  wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server :20.0.

The conclusion must therefore be that the problem is caused by an interaction
between sudo and wireshark.

Comment 4 Radek Vokal 2007-12-19 18:00:29 UTC
I see the problem and why it is happening. I will have patch soon.

Comment 5 Radek Vokal 2007-12-19 19:13:31 UTC
This should be fixed in wireshark-0.99.7-2.fc8

Comment 6 keith.flynn 2009-12-20 23:56:08 UTC
I don't really want to reopen this bug because it is so old, but the exact same thing is happening me using Wireshark 1.2.4-1 on Fedora 12 (x86_64). The only difference for me is that in my case, when I try to select a capture interface, not only does Wireshark crash, it also completely crashes my X server...

Geert's workaround from comment #1 resolves the issue for me.

I'm using Fedora 12, running Gnome 2.28.0

Wireshark version info: 

Wireshark build info:
Compiled with GTK+ 2.18.3, with GLib 2.22.2, with libpcap 1.0.0, with libz
1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.8, without
c-ares, without ADNS, without Lua, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with
MIT Kerberos, without GeoIP, with PortAudio V19-devel (built Jul 28 2009),
without AirPcap.

Running on Linux, with libpcap version 1.0.0, GnuTLS
2.8.5, Gcrypt 1.4.4.

Built using gcc 4.4.2 20091027 (Red Hat 4.4.2-7).

Comment 7 Manoj 2011-03-24 04:29:31 UTC
Hi Radek Vokal,
Im experiencing similar issue with wireshark1.08 and 1.4.4 on RHL-EL5. I have installed Wireshark 1.4.4 and later 1.0.8 from a source tarball. Once i try to launch wireshark using "sudo wireshark" error pops up as
"Cant get pathname of Wireshark: "wireshark" not found in "/usr/bin:/bin".
it wont be possilbe to capture traffic. Report this to the wireshark developers."
and also some dumpcap not found error pops us when i choose capture->interface.

Can you pls let me know how to resolve this issue?

Comment 8 Manoj 2011-03-24 04:30:51 UTC
Created attachment 487189 [details]
Error displayed on launching wireshark 1.0.8 or 1.4.4

Note You need to log in before you can comment on or make changes to this bug.