Re: Maximum file size?

["Joel Seidman" <joel2009 () fastmail us>]

Anders,
Thank you for your response. Since I'm on a 64-bit computer I was hoping
that 2 would not be an issue, but it appears it is. Nothing is ever
simple. I was hoping for a more definitive answer than, "It depends."
Thank you for the preference suggestions. We will also try 1.3.1 and see
what happens.
-- Joel

On Tue, 27 Oct 2009 08:25 +0100, "Anders Broman"
<anders.broman () ericsson com> wrote:
> Hi,
> There is separate issues here:
> 1) The largest file pointer possible to use e.g. physical file size.
> 2) The amount of memory used by Wireshark when analyzing a file/trace.
>
> 2 depends on the protocols in the trace and on preference settings in
> Wireshark, reassembly
> Uses memory conversation tracking does to etc.
>
> A lot of work has been put into the trunk version of Wireshark to try to
> reduce the amount of memory used,
> fix memory leaks etc and also to speed up loading of the file.
> Development snapshot 1.3.1 is due to be released soon or you could try a
> development build.
>
> Note that with large files filtering and other operations may becom slow
> so you want to keep your files as small as possible.
>
> Regards
> Anders
>
> -----Original Message-----
> From: wireshark-users-bounces () wireshark org
> [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Joel Seidman
> Sent: den 27 oktober 2009 06:21
> To: wireshark-users () wireshark org
> Subject: [Wireshark-users] Maximum file size?
>
> Hi All.
>
> I want to know the maximum capture file size (if there is one) that can
> be loaded into 64-bit wireshark. I can't seem to find a definitive
> answer. 
>
> I recently installed V 1.2.2 (SVN Rev. 29910) on a Vista computer (with a
> substantial amount of RAM). I selected the 64-bit version when I
> downloaded it. I believe the required Service Pack was installed also
> (need to confirm).
>
> I eventually expect to have a capture file of several hundred MB or more.
> I haven't actually had a problem loading a large file in 64-bit wire
> shark (did with 32-bit version), but I did an experiment that may be
> related.  I have a capture file of 143 Meg. I loaded it, which went OK.
> Then I attempted to load it again in concatenation mode, and got an error
> box: "This application has requested the Runtime to terminate in an
> unusual way. Please contact the application support team for more
> information...".
>
> So my question is, basically, what's the max? And whatever the answer, is
> it possible to increase it by re-building from source? Any other
> suggestions?
>
> (I have read suggestions to break a large file up into smaller pieces,
> but I'd like to avoid that step if it's possible. The purpose is to use
> Wireshark's analytical capabilities to process a very large set of data
> in toto.)
>
> TIA.
>
> -- Joel
> --
>   Joel Seidman
>   joel2009 () fastmail us
>
> --
> http://www.fastmail.fm - A no graphics, no pop-ups email service
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org?subject=unsubscribe
-- 
  Joel Seidman
  joel2009 () fastmail us

-- 
http://www.fastmail.fm - Choose from over 50 domains or use your own

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe