Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Reliability?

From: Boaz Galil <boaz20 () gmail com>
Date: Fri, 19 Feb 2010 14:35:38 +0200
Guy,

Is there a way to know when the machine will run out of memory? (for example
running Tshark for 1 hour = leak XMB.. or something like that.)

tcpdump is not part of the wireshark package, is there any solution for long
packet capture with wireshark package?

On Fri, Feb 19, 2010 at 2:14 AM, Guy Harris <guy () alum mit edu> wrote:



On Feb 18, 2010, at 4:06 PM, Bob Carlson wrote:


We have been trying to do a long running capture and we cannot keep

Wireshark up and running. WS is up to date. We are monitoring 1 port and
writing out 100MB files. Each file is filled in a 2-4 hours. WS will not
stay up forever. It dies every so often. We are trying a larger buffer size.


Are there any known issues?


Other than "dissecting packets consumes memory, so if you use Wireshark or
TShark to do a long running capture, you will eventually run out of memory
and Wireshark/TShark will fail"?

The way to avoid that issue is not to use Wireshark or TShark to do
long-running captures, and to use dumpcap instead.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe





-- 
Boaz.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: