I googled some stuff about the $subj error (supposedly a more human
translation of "read error: PacketReceivePacket failed" ?!?), but
could not find anything specific to the problem we are experiencing,
except for something I will describe as "interestingly associated" -
which is the following comment in an old thread:
http://seclists.org/wireshark/2010/Jan/368

What's our problem? A server running an application, communicating over
the network, which always fails around the same time, with a (many
times misleading, as we all know, when written) app message "network
error". Running Wireshark on the same system, around the same time,
leads to a failure reported by Wireshark, at the same time as the
other app failure, with the $subj error. During all this time a simple
ping (no libpcap or whatever the other apps use as a "shim" between
NIC-driver-OS, etc.) to a remote host records NO interruption (!)

What's interesting to me, to mention the old thread above? Our Windows
admin was monitoring perfmon at the time, and reported a sudden spike
in some of the variables he was looking at - so why would GV have
asked for this type of data in the 2010 thread? What could be of
interest there to possibly lead to this abrupt Wireshark stoppage -
CPU, memory, network traffic, subprocesses like maybe libpcap parts,
etc.?!?

TIA,
Stefan Mititelu
http://twitter.com/netfortius
http://www.linkedin.com/in/netfortius