Re: running multiple instances

[Guy Harris <guy () alum mit edu>]

On Nov 10, 2009, at 9:33 AM, Nicole Powell wrote:

> Could it also relate to cap vs. pcap file? I tried 145KB .cap file  
> and it ran fine but a 130KB .pcap file stalls tshark as well.

What is a ".cap file"?  There are at least two Windows packets I know  
of (Windows Sniffer and Microsoft Network Monitor) that use ".cap" as  
a suffix, and their file formats are different.  Furthermore, there  
are probably at least some libpcap-format files that have ".cap" as  
the suffix.

In any case, the chances that it's an issue with the file format are  
extremely slim; it's probably a problem with the packets in the file.

Also, "stalls" and "gives an application error and shuts down" are  
different problems.

> In addition, these commands are done using Python and that's when  
> the errors occurs. If I perform the commands from the command  
> prompt, it runs fine.

(Perform them from the command prompt with the same file?)

If you run them from Python, the Python interpreter and at least one  
instance of TShark are running at the same time.  If you ran Python  
from the command line, the command-line shell, the Python interpreter,  
and at least one instance of TShark are running at the same time.

If you run them from the command line, the command-line shell and at  
least one instance of TShark are running at the same time, but you're  
not running Python.  Perhaps the Python interpreter is taking enough  
memory that you run out of swap/paging space, and thus cause attempts  
by TShark to allocate memory to fail?

(This assumes the application error is a failure to allocate memory.)

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe