Wireshark-users: Re: [Wireshark-users] tshark and /tmp/etherXXXX files

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Dan Murphy" <danmurphy@xxxxxxxxx>
Date: Sat, 19 Jul 2008 12:22:46 -0400
tshark is not crashing.  If I set a packet count like such.
#tshark -ni eth5 -c5

tshark exits cleanly and still leaves a dump file behind in /tmp.   I have 5 servers we use for packet analysis
on span ports and 3 of them exhibit this behavior.  The 2 that have v99.5 do not, so it seems this
is a fairly new behavior as any server running 99.7 or newer behaves in this way.

My current work around is just a cron to remove them but I'd prefer to not use a work around if possible.


Thanks,
Dan


On Fri, Jul 18, 2008 at 10:31 PM, Luis EG Ontanon <luis@xxxxxxxxxxx> wrote:
I guess these are very large files. Most people wouldn't bother if they weren't.

So I guess you are doing long running captures and periodically tshark
crashes http://wiki.wireshark.org/KnownBugs/OutOfMemory .

You could "wrap" tshark in a script that cleans behind those files.

A Developer wonders if we can set a call back for when g_malloc() fails?


On Fri, Jul 18, 2008 at 10:50 PM, Dan Murphy <danmurphy@xxxxxxxxx> wrote:
> Just installed v 1.0.2.  Same thing.  tshark leave behind files in tmp.
>
>
>
> On Thu, Jul 17, 2008 at 10:19 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>>
>> On Jul 17, 2008, at 11:30 AM, Dan Murphy wrote:
>>
>> >     I'm running v 99.7 and I have a problem where the temp
>> > files are kind of becoming unmanageable.  I noticed my old version
>> > 99.5 does not create these.
>>
>> What happens if you run the *current* version of TShark, which is 1.0.2:
>>
>>        http://www.wireshark.org/news/20080710.html
>> _______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-users
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users