Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Maximum file size?

From: "Anders Broman" <anders.broman () ericsson com>
Date: Tue, 27 Oct 2009 08:25:08 +0100
Hi,
There is separate issues here:
1) The largest file pointer possible to use e.g. physical file size.
2) The amount of memory used by Wireshark when analyzing a file/trace.

2 depends on the protocols in the trace and on preference settings in Wireshark, reassembly
Uses memory conversation tracking does to etc.

A lot of work has been put into the trunk version of Wireshark to try to reduce the amount of memory used,
fix memory leaks etc and also to speed up loading of the file. Development snapshot 1.3.1 is due to be released soon or 
you could try a development build.

Note that with large files filtering and other operations may becom slow so you want to keep your files as small as 
possible.

Regards
Anders

-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Joel 
Seidman
Sent: den 27 oktober 2009 06:21
To: wireshark-users () wireshark org
Subject: [Wireshark-users] Maximum file size?

Hi All.

I want to know the maximum capture file size (if there is one) that can be loaded into 64-bit wireshark. I can't seem 
to find a definitive answer. 

I recently installed V 1.2.2 (SVN Rev. 29910) on a Vista computer (with a substantial amount of RAM). I selected the 
64-bit version when I downloaded it. I believe the required Service Pack was installed also (need to confirm).

I eventually expect to have a capture file of several hundred MB or more. I haven't actually had a problem loading a 
large file in 64-bit wire shark (did with 32-bit version), but I did an experiment that may be related.  I have a 
capture file of 143 Meg. I loaded it, which went OK. Then I attempted to load it again in concatenation mode, and got 
an error box: "This application has requested the Runtime to terminate in an unusual way. Please contact the 
application support team for more information...".

So my question is, basically, what's the max? And whatever the answer, is it possible to increase it by re-building 
from source? Any other suggestions?

(I have read suggestions to break a large file up into smaller pieces, but I'd like to avoid that step if it's 
possible. The purpose is to use Wireshark's analytical capabilities to process a very large set of data in toto.)

TIA.

-- Joel
--
  Joel Seidman
  joel2009 () fastmail us

--
http://www.fastmail.fm - A no graphics, no pop-ups email service

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: