Wireshark-users: Re: [Wireshark-users] Memory question

From: János Löbb <janos.lobb@xxxxxxxx>
Date: Thu, 25 Mar 2010 11:29:20 -0400
Yes, I am, otherwise I cannot capture all the traffic on the switch- I might be wrong. Something is causing malformed packets, but not regularly, so my thought is to use brute force and capture a whole day of traffic. The hard drive would be able to hold it :-)

Thanks ahead,

János
On Mar 25, 2010, at 11:23 AM, M K wrote:

Are you in promiscuous mode?  That consumes more.

On 3/25/10, János Löbb <janos.lobb@xxxxxxxx> wrote:
Hi,

I thought that when I dedicate a file for the capture, the program
will not run out of memory, but rather from time to time writes the
captured data to this file. Yesterday I tried to capture as much as I
could on a PC with windows XP SP3 on it using WireShark 1.2.6 but
after some 20 minutes the program stopped and told it is out of
memory.  The data was in the file, but even after restarting the PC I
was unable to open it.  WireShark again posted an out of memory
message.  Looks to me that Wireshark wants to read all the content
into real memory and it fails.  The size of the file is 321.9MB.  The
machine is a 1.4Ghz Pentium 4 with 384MB of RAM

Is there any setting I can change to be able to open the file and work with it ? How folks are doing lengthier captures, like multiple hours ?

Thanks ahead,

János


___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx >
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



--
All that is necessary for evil to succeed is that good men do nothing.

             ~Edmund Burke
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx >
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe