Wireshark mailing list archives

Re: Memory question


From: János Löbb <janos.lobb () yale edu>
Date: Thu, 25 Mar 2010 11:29:20 -0400

Yes, I am, otherwise I cannot capture all the traffic on the switch - I
might be wrong.  Something is causing malformed packets, but not
regularly, so my thought is to use brute force and capture a whole day
of traffic.  The hard drive would be able to hold it :-)

Thanks ahead,

János

On Mar 25, 2010, at 11:23 AM, M K wrote:

Are you in promiscuous mode?  That consumes more.

On 3/25/10, János Löbb <janos.lobb () yale edu> wrote:
Hi,

I thought that when I dedicate a file for the capture, the program
will not run out of memory, but rather from time to time writes the
captured data to this file.  Yesterday I tried to capture as much as I
could on a PC with Windows XP SP3 on it using Wireshark 1.2.6, but
after some 20 minutes the program stopped and told me it is out of
memory.  The data was in the file, but even after restarting the PC I
was unable to open it.  Wireshark again posted an out of memory
message.  Looks to me that Wireshark wants to read all the content
into real memory and it fails.  The size of the file is 321.9MB.  The
machine is a 1.4GHz Pentium 4 with 384MB of RAM.

Is there any setting I can change to be able to open the file and work
with it?  How are folks doing lengthier captures, like multiple hours?

Thanks ahead,

János


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe



-- 
All that is necessary for evil to succeed is that good men do nothing.

             ~Edmund Burke