Wireshark mailing list archives
Re: wireshark on win7 x64
From: Jeff Sawatzky <jeff.sawatzky () niltzdesigns com>
Date: Sat, 14 Nov 2009 14:03:16 -0500
I figured out why wirehsark is crashing on me. It has to do with the following bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4172 I rolled back the marvell driver and now everything works fine... On Tue, Nov 10, 2009 at 3:00 PM, <wireshark-users-request () wireshark org>wrote:
Send Wireshark-users mailing list submissions to wireshark-users () wireshark org To subscribe or unsubscribe via the World Wide Web, visit https://wireshark.org/mailman/listinfo/wireshark-users or, via email, send a message with subject or body 'help' to wireshark-users-request () wireshark org You can reach the person managing the list at wireshark-users-owner () wireshark org When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-users digest..." Today's Topics: 1. Re: running multiple instances (Guy Harris) 2. Re: running multiple instances (Nicole Powell) 3. wireshark on win7 x64 (Jeff Sawatzky) 4. Re: running multiple instances (Guy Harris) 5. Re: wireshark on win7 x64 (Gerald Combs) 6. Can Wireshark recognize GigE Vision protocol? (Kevin) ---------------------------------------------------------------------- Message: 1 Date: Tue, 10 Nov 2009 09:24:23 -0800 From: Guy Harris <guy () alum mit edu> Subject: Re: [Wireshark-users] running multiple instances To: Community support list for Wireshark <wireshark-users () wireshark org> Message-ID: <FD3A68E0-71CC-4DA2-96D6-59419D696F2F () alum mit edu> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes On Nov 9, 2009, at 1:21 PM, Nicole Powell wrote:When I try this it gives an application error and shuts down Tshark. I tried these two commands on a smaller file (144KB) and it works fine; the file I am trying to use now is 4.59MB. Could it be the file size?Yes, it could be. There are some cases where TShark keeps information around in memory even after it's no longer needed (because TShark and Wireshark use the same dissector code and dissector framework, and, in Wireshark, that information could be needed as long as the file is open), so it can use a significant amount of memory on a large file. ------------------------------ Message: 2 Date: Tue, 10 Nov 2009 12:33:42 -0500 From: Nicole Powell <mznikkip () hotmail com> Subject: Re: [Wireshark-users] running multiple instances To: <wireshark-users () wireshark org> Message-ID: <SNT103-W25EE873C1CA64D82CC3ED3C6AB0 () phx gbl> Content-Type: text/plain; charset="iso-8859-1" Could it also relate to cap vs. pcap file? I tried 145KB .cap file and it ran fine but a 130KB .pcap file stalls tshark as well. In addition, these commands are done using Python and that's when the errors occurs. If I perform the commands from the command prompt, it runs fine.From the desk of Nicole A. Powell.....From: guy () alum mit edu To: wireshark-users () wireshark org Date: Tue, 10 Nov 2009 09:24:23 -0800 Subject: Re: [Wireshark-users] running multiple instances On Nov 9, 2009, at 1:21 PM, Nicole Powell wrote:When I try this it gives an application error and shuts down Tshark. I tried these two commands on a smaller file (144KB) and it works fine; the file I am trying to use now is 4.59MB. Could it be the file size?Yes, it could be. There are some cases where TShark keeps information around in memory even after it's no longer needed (because TShark and Wireshark use the same dissector code and dissector framework, and, in Wireshark, that information could be needed as long as the file is open), so it can use a significant amount of memory on a large file.___________________________________________________________________________Sent via: Wireshark-users mailing list <wireshark-users () wireshark org Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.wireshark.org/lists/wireshark-users/attachments/20091110/340ec0ef/attachment.html ------------------------------ Message: 3 Date: Tue, 10 Nov 2009 12:57:57 -0500 From: "Jeff Sawatzky" <jeff.sawatzky () niltzdesigns com> Subject: [Wireshark-users] wireshark on win7 x64 To: <wireshark-users () wireshark org> Message-ID: <4af9a9a8.1358560a.5903.3407 () mx google com> Content-Type: text/plain; charset="us-ascii" Hello, I have installed wireshark 1.2.3 (which comes with winpcap 4.1.1) on a windows 7 x64 machine. Everything seems to be installed correctly, but when I launch wireshark I see the loading screen and then it disappears and the wireshark process exits. Anyone know why this is happening, or how I can track down the problem further? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.wireshark.org/lists/wireshark-users/attachments/20091110/ba34e6e0/attachment.htm ------------------------------ Message: 4 Date: Tue, 10 Nov 2009 10:19:35 -0800 From: Guy Harris <guy () alum mit edu> Subject: Re: [Wireshark-users] running multiple instances To: Community support list for Wireshark <wireshark-users () wireshark org> Message-ID: <C1EDEFCF-5DD9-46F1-9A82-2009849857EE () alum mit edu> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes On Nov 10, 2009, at 9:33 AM, Nicole Powell wrote:Could it also relate to cap vs. pcap file? I tried 145KB .cap file and it ran fine but a 130KB .pcap file stalls tshark as well.What is a ".cap file"? There are at least two Windows packets I know of (Windows Sniffer and Microsoft Network Monitor) that use ".cap" as a suffix, and their file formats are different. Furthermore, there are probably at least some libpcap-format files that have ".cap" as the suffix. In any case, the chances that it's an issue with the file format are extremely slim; it's probably a problem with the packets in the file. Also, "stalls" and "gives an application error and shuts down" are different problems.In addition, these commands are done using Python and that's when the errors occurs. If I perform the commands from the command prompt, it runs fine.(Perform them from the command prompt with the same file?) If you run them from Python, the Python interpreter and at least one instance of TShark are running at the same time. If you ran Python from the command line, the command-line shell, the Python interpreter, and at least one instance of TShark are running at the same time. If you run them from the command line, the command-line shell and at least one instance of TShark are running at the same time, but you're not running Python. Perhaps the Python interpreter is taking enough memory that you run out of swap/paging space, and thus cause attempts by TShark to allocate memory to fail? (This assumes the application error is a failure to allocate memory.) ------------------------------ Message: 5 Date: Tue, 10 Nov 2009 10:34:13 -0800 From: Gerald Combs <gerald () wireshark org> Subject: Re: [Wireshark-users] wireshark on win7 x64 To: Community support list for Wireshark <wireshark-users () wireshark org> Message-ID: <4AF9B225.1010309 () wireshark org> Content-Type: text/plain; charset=UTF-8 Jeff Sawatzky wrote:I have installed wireshark 1.2.3 (which comes with winpcap 4.1.1) on a windows 7 x64 machine. Everything seems to be installed correctly, but when I launch wireshark I see the loading screen and then it disappears and the wireshark process exits. Anyone know why this is happening, or how I can track down the problem further?Do you have a Marvell Yukon NIC? If so, the problem will be fixed in 1.2.4 which is scheduled to be released next Monday (November 16). In the meantime you should be able to work around the problem by installing 1.0.10 or a recent development build from http://www.wireshark.org/download/automated/ See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4155#c33 for details. ------------------------------ Message: 6 Date: Tue, 10 Nov 2009 14:28:12 -0500 From: Kevin <kd8341 () gmail com> Subject: [Wireshark-users] Can Wireshark recognize GigE Vision protocol? To: wireshark-users () wireshark org Message-ID: <175e20420911101128u79459f4dj4a13667799d2885e () mail gmail com> Content-Type: text/plain; charset="iso-8859-1" Hi, all: I am new to WireShark, and just wondering: Can the wireshark recognize GigE Vision protocol? Or is there WireShark add-on for GVCP or GVSP analysis? Thanks! Regards, Kevin -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.wireshark.org/lists/wireshark-users/attachments/20091110/6313dfe4/attachment.htm ------------------------------ _______________________________________________ Wireshark-users mailing list Wireshark-users () wireshark org https://wireshark.org/mailman/listinfo/wireshark-users End of Wireshark-users Digest, Vol 42, Issue 24 ***********************************************
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- wireshark on win7 x64 Jeff Sawatzky (Nov 10)
- Re: wireshark on win7 x64 Gerald Combs (Nov 10)
- <Possible follow-ups>
- Re: wireshark on win7 x64 Jeff Sawatzky (Nov 14)