Red Hat Bugzilla – Bug 397851
Wireshark crashes when selecting capture interface
Last modified: 2011-03-24 00:30:51 EDT
Description of problem: Wireshark crashes when selecting the capture interface through Capture -> Interfaces. The output on the console is: $ sudo wireshark wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server :0.0. Gdk-ERROR **: The program 'wireshark' received an X Window System error. This probably reflects a bug in the program. The error was 'BadIDChoice (invalid resource ID chosen for this connection)'. (Details: serial 3503 error_code 14 request_code 53 minor_code 0) (Note to programmers: normally, X errors are reported asynchronously; that is, you will receive the error a while after causing it. To debug your program, run it with the --sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdk_x_error() function.) aborting... Aborted Version-Release number of selected component (if applicable): wireshark-0.99.6-3.fc8 How reproducible: Every time. The error message is sometimes a different: $ sudo wireshark wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server :0.0. wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server :0.0. Steps to Reproduce: 1. sudo wireshark 2. click "Capture", and then "Interfaces" 3. crash Actual results: The program crashes. Expected results: A dialog to let you select the capture interface. Additional info:
When diagnosing a bit more, I believe I have found the problem. Wireshark uses an external program called "dumpcap". It is looking for it in /usr/bin, but the RPM puts it in /usr/sbin. Workaround: ln -s /usr/sbin/dumpcap /usr/bin/dumpcap
Strange, I'm suspicious about your workaround. Wireshark is installed with /usr/sbin patch and all binaries are located there (/usr/bin/wireshark is consolehelper link). This works for me on Fedora 8, RHEL 5 and Fedora 6. Did you by any chance tried to install your own version of wireshark directly from a source tarball? Which interface does it crash with? All of them?
First to answer your questions: - I did not modify wireshark: $ rpm -q wireshark wireshark-0.99.6-3.fc8 $ rpm -V wireshark | wc -l 0 - Wireshark crashes even before you can select the capture interface. Selecting "Capture" and then "Interfaces" from the menu will lead to the crash immediately. Secondly I did some more investigation: After inspection of the wireshark source code it appears it looks for "dumpcap" in the same directory as the wireshark executable. If wireshark is started with an absolute path name, it takes the directory from argv[0]. If not, $PATH is searched for the wireshark executable. When running a command through sudo, only "/bin" and "/usr/bin" are in the path. This means that wireshark cannot find its own executable, and bad stuff happens. $ sudo sh -c 'echo $PATH' /usr/bin:/bin To confirm the hypothesis we can start wireshark with a full pathname and without: $ sudo /usr/sbin/wireshark # Select Capture -> Interfaces: no crash Starting wireshark without a full path name: $ sudo wireshark # Select Capture -> Interfaces: crash wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server :20.0. wireshark: Fatal IO error 11 (Resource temporarily unavailable) on X server :20.0. The conclusion must therefore be that the problem is caused by an interaction between sudo and wireshark.
I see the problem and why it is happening. I will have patch soon.
This should be fixed in wireshark-0.99.7-2.fc8
I don't really want to reopen this bug because it is so old, but the exact same thing is happening me using Wireshark 1.2.4-1 on Fedora 12 (x86_64). The only difference for me is that in my case, when I try to select a capture interface, not only does Wireshark crash, it also completely crashes my X server... Geert's workaround from comment #1 resolves the issue for me. I'm using Fedora 12, running Gnome 2.28.0 Wireshark version info: wireshark-gnome-1.2.4-1.fc12.x86_64 wireshark-1.2.4-1.fc12.x86_64 Wireshark build info: Compiled with GTK+ 2.18.3, with GLib 2.22.2, with libpcap 1.0.0, with libz 1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.8, without c-ares, without ADNS, without Lua, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with MIT Kerberos, without GeoIP, with PortAudio V19-devel (built Jul 28 2009), without AirPcap. Running on Linux 2.6.31.6-166.fc12.x86_64, with libpcap version 1.0.0, GnuTLS 2.8.5, Gcrypt 1.4.4. Built using gcc 4.4.2 20091027 (Red Hat 4.4.2-7).
Hi Radek Vokal, Im experiencing similar issue with wireshark1.08 and 1.4.4 on RHL-EL5. I have installed Wireshark 1.4.4 and later 1.0.8 from a source tarball. Once i try to launch wireshark using "sudo wireshark" error pops up as "Cant get pathname of Wireshark: "wireshark" not found in "/usr/bin:/bin". it wont be possilbe to capture traffic. Report this to the wireshark developers." and also some dumpcap not found error pops us when i choose capture->interface. Can you pls let me know how to resolve this issue?
Created attachment 487189 [details] Error displayed on launching wireshark 1.0.8 or 1.4.4