# wireshark-1.4.4 and zlib-1.2.5-r2: capture stops

## r_pns

Hi all,

After upgrading to sys-libs/zlib-1.2.5-r2 stabilized recently, I faced a problem similar to an old  wireshark bug. Whenever built with USE="+zlib", wireshark-1.4.4 misses most of the packets after capturing for a while. There is the following error message:

```
Warn Error "File contains a record that's not valid" while reading: "/tmp/wiresharkXXXXlLuyvd"
```

This issue was known and confirmed upstream:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4708

Moreover, they say that it was fixed in wireshark-1.2.9:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4708#c5

However, there is some evidence the issue persists for 1.4.*:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4955#c14

at least on Gentoo - presumably due to the Gentoo specific patches for zlib-1.2.5

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4955#c15

As there are no Gentoo bug reports on the issue, I wonder if somebody else has encountered it or something is wrong with my system.

```

wireshark 1.4.4

Copyright 1998-2011 Gerald Combs <gerald@wireshark.org> and contributors.

This is free software; see the source for copying conditions. There is NO

warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.22.1, with GLib 2.26.1, with libpcap 1.1.1, with

libz 1.2.5, with POSIX capabilities (Linux), with libpcre (version unknown),

without SMI, without c-ares, with ADNS, without Lua, with Python, with GnuTLS

2.10.5, without Gcrypt, without Kerberos, with GeoIP, without PortAudio, without

AirPcap.

Running on Linux 2.6.36-gentoo-r8, with libpcap version 1.1.1, with libz 1.2.5,                            

GnuTLS 2.10.5.

Built using gcc 4.4.5.  

```

```

net-analyzer/wireshark-1.4.4  USE="adns caps geoip gtk pcap pcre python ssl threads zlib -ares -doc -doc-pdf -gcrypt -ipv6 -kerberos -lua -portaudio -profile (-selinux) -smi"

```

CFLAGS are fairly conservative.

----------

## r_pns

BTW, tshark captures packets just fine. (the original wireshark bug 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4955

also affects tshark)

----------

## r_pns

Curiously enough, I can reproduce the issue on one of my systems only.  That one is

```

Portage 2.1.9.42 (default/linux/amd64/10.0/desktop/kde, gcc-4.4.5, glibc-2.11.3-r0, 2.6.36-gentoo-r8 x86_64)

=================================================================

System uname: Linux-2.6.36-gentoo-r8-x86_64-AMD_Phenom-tm-_II_X4_940_Processor-with-gentoo-1.12.14

```

While a very similar system below is not affected by the issue:

```

Portage 2.1.9.42 (default/linux/amd64/10.0/no-multilib, gcc-4.4.5, glibc-2.11.3-r0, 2.6.36-gentoo-r8 x86_64)

=================================================================

System uname: Linux-2.6.36-gentoo-r8-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T7250_@_2.00GHz-with-gentoo-1.12.14

```

Moreover, I have discovered that gentoo patches against zlib-1.2.5 have nothing to do with the problem.

What all this stuff could be down to?

----------

## thealbatross

I've been having the same problem as well. It's extremely annoying. I'm rebuilding w/o zlib right now.

I've had some difficulty reproducing the issue on different machines. I've tried this with several kernels; none of them seem to work.  :Sad: 

I'm about where you are system-wise. It's probably not relevant (this seems to be a wireshark and not a kernel bug) but I'm using an atheros 9000-series wireless card.

----------

