Hi,
I am working on a wiretap interface for a new trace format. As part of testing it, I tried to open a file with 1,227,400 packets. There was no packet size limit set during capture (max packet size 1514). When I tried to open this file (219MB), using wireshark built with my changes synced to the latest trunk, here are my observations:
System: Win XP, 1GB RAM, P4, 2.8 GHz
CPU (upto 82% of file read): 100%
Init Page File Usage (after starting wireshark, before opening file): 564MB
Max Page File Usage: 2.25GB
The file load failed after reading 97% of the file for close to 5 mins. I have attached a doc with the screen shot when I got the memory allocation failure assert.
My question:
Is there a known limit on the number of packets that wireshark can deal with in a single file? or
Should I look into my code for possible memory mis-management.
thanks,
Ravi.
Attachment:
wireshark_mem_issue.doc
Description: MS-Word document