Wireshark-users: Re: [Wireshark-users] Reliability?

From: Boaz Galil <boaz20@xxxxxxxxx>
Date: Fri, 19 Feb 2010 14:35:38 +0200
Guy,
 
Is there a way to know when the machine will run out of memory? (for example running Tshark for 1 hour = leak XMB.. or something like that.)
 
tcpdump is not part of the wireshark package, is there any solution for long packet capture with wireshark package?

On Fri, Feb 19, 2010 at 2:14 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Feb 18, 2010, at 4:06 PM, Bob Carlson wrote:

> We have been trying to do a long running capture and we cannot keep Wireshark up and running. WS is up to date. We are monitoring 1 port and writing out 100MB files. Each file is filled in a 2-4 hours. WS will not stay up forever. It dies every so often. We are trying a larger buffer size.
>
> Are there any known issues?

Other than "dissecting packets consumes memory, so if you use Wireshark or TShark to do a long running capture, you will eventually run out of memory and Wireshark/TShark will fail"?

The way to avoid that issue is not to use Wireshark or TShark to do long-running captures, and to use dumpcap instead.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



--
Boaz.