I found the "etherXXXX" file in the temp directory, which is over 1GB. I tried to load it with Wireshark. It was expected to take at least 30 min to load.
But the same error happened again after 10 min, and only 20% of the packets were loaded.
Then I tried again and watched in Task Manager that the PF usage kept increasing until almost 100%. It crashed again at about 20% loaded.
So it's most likely an 'out of memory'?
I haven't tried 1.0.5. I may try it later...

On Wed, Feb 4, 2009 at 5:02 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> On Feb 4, 2009, at 4:27 PM, Bill Meier wrote:
>
> > My first guess would be "out of memory".
>
> Although for that I'd expect either
>
> 1) "Access violation reading location 0x00000000" (or some other
> small value), i.e. a null-pointer dereference from something that did
> a malloc() and didn't check whether it succeeded
>
> or
>
> 2) an assertion failure message from g_malloc() calling abort() on
> failure (I think abort() failures turn up as a unique type of failure
> on Windows).
>
> Is there an "etherXXXXXX" file, for some value of "XXXXXX", in your
> (Joshua's) temporary file directory? (I forget where Windows hides
> the per-user temporary file directory.) If so, does Wireshark crash
> if you try to read it?
>
> (Also, what happens with Wireshark 1.0.5, the current version?)