just a note:
I know I am not using solely the sniffer application, and it's most possible the error is in my addition of the multithreading, I have looked at it hard before posting. If you feel this question is out of place in the forum I completely understand. just a reply of whether my understanding of "snifferServer" is correct would suffice if you are not able to elaborate...

thanks,
Dan

thanks for your reply - however, I already solved the problem and suggest you patch it if possible:
while the session table is thread safe, the usage of ssl_decodePacket isn't thread safe, even if the the same session is always treated by the same thread:
note that whenever ssl_decodePacket is called, if syn is encountered the "CreateSession" method is invoked, which in turn calls RemoveStaleSessions. there, "old" sessions are removed, but no one makes sure that another thread is not currently using these "old" sessions. the bug is that currently used sessions are considered "old". this can be easily fixed by adding the following (one) line to the "GetSnifferSession" method in "sniffer.c" after the session is pointer is acquired and verified as non-null:

static SnifferSession* GetSnifferSession(...){
    ...
    while(session){ //obtaining the session according to ipInfo tcpInfo passed to the function
    }
    unlock(&SessionMutex);
    if(session){ //checking if a session was actually found
       .... 
       session->bornOn = time(NULL); ///******* new code ! *********// <--------------------
    }
}

this patch allows multithreaded use of ssl_decodePacket (assuming of course session-wise load balancing between the threads), and will not cause thread X to free a session thread Y is currently working on.
in addition, this also fixes a functionality problem (as I see it...), you don't really want to throw away a session SNIFFER_TIMEOUT seconds from arrival time, but only if the session was silent for SNIFFER_TIMEOUT.

what do you think?

regards,
Dan