Comment # 1
on bug 12035
from Guy Harris
(In reply to Frank L from comment #0)

> When I stop the capture after running a capture, Wireshark sometimes (pls
> see 'Note' below) hangs forever and uses a lot of resources. I therefore
> used the Sysinternals process monitor and can see that Wireshark keeps
> trying to read from the
> "C:\Users\<my-usrid>\AppData\Local\Temp\wireshark_2_interfaces_20160119234912_a10072"
> and keeps getting "END OF FILE".

strace^Wprocess monitor FTW!

That's the temporary file to which dumpcap is writing captured packets. For
some reason, it thinks there should be more data in the file than there
actually is. Perhaps dumpcap told Wireshark "here's N more packets" but exited
(abnormally) before actually writing (as in WriteFile() and the NtWriteFile()
that it calls) the data to the file.

> When I try the same thing with Wireshark-gtk.exe (Legacy) from the same
> install this problem does not happen.

Or perhaps it got confused in ways that the code path for receiving messages
from dumpcap in the GTK+ version doesn't.

> Note: A circumvention for this problem seems to be: Create a new profile
> before starting each new capture (and only use the profile once - the same
> profile might work several times, but when a profile starts failing once it
> keeps failing).