On Feb 18, 2010, at 4:06 PM, Bob Carlson wrote:
> We have been trying to do a long running capture and we cannot keep Wireshark up and running. WS is up to date. We are monitoring 1 port and writing out 100MB files. Each file is filled in a 2-4 hours. WS will not stay up forever. It dies every so often. We are trying a larger buffer size.
>
> Are there any known issues?
Other than "dissecting packets consumes memory, so if you use Wireshark or TShark to do a long running capture, you will eventually run out of memory and Wireshark/TShark will fail"?
The way to avoid that issue is not to use Wireshark or TShark to do long-running captures, and to use dumpcap instead.