Wireshark mailing list archives

Re: assertion when using tshark/wireshark on large captures

From: "Bahr, Brad (Adecco Engineering & Technical)" <brad.bahr () hp com>
Date: Thu, 17 Feb 2011 00:48:31 +0000

Thank you Guy and Steve for your input regarding this pesky memory issue.  I'll go ahead and submit a bug report with 
the information you have provided. Steve, I have been over the Out Of Memory wiki several times over the past couple of 
years and refreshed myself on it earlier this week, but it doesn't seem to apply to my particular situation as I am 
running both a 64 bit OS and a 64 bit version of Wireshark, and have plenty of ram to spare ( I have 12GB of physical 
memory with about 6 GB free even after wireshark/tshark has consumed its ~2GB ... before failing).

Thanks again,
Brad

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Bahr, 
Brad (Adecco Engineering & Technical)
Sent: Wednesday, February 16, 2011 3:32 PM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] assertion when using tshark/wireshark on large captures

I am running the 64bit version of Wireshark/tshark (v1.4.3 rev35482 - compiled download) on a 64bit Windows 7 box.  
When I am applying read filters to large captures (1.5GB+) with tshark, I get this assertion:

ERROR:emem.c:652:???: assertion failed: (ret != 0 || versinfo.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)

Also in stderr are numerous warnings about dissector bugs with the SMB2 and VNC protocols.  I'm not sure if these are 
related but thought they would be worth mentioning.  From a cursory glance at the source heading of emem.c, I gather 
that this file provides memory management / garbage cleanup functions.  I'm definitely a novice when it comes to C/C++, 
so I don't have a clue as to what would be causing g_assert to be getting a false from "ret != 0 || 
versinfo.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS".

If I try to open this same capture file with Wireshark, it also dies a terrible death before the capture is loaded.  
Both tshark and Wireshark seem to be croaking when they have consumed about 2GB of memory, which makes me wonder if its 
related to some 32bit snafu.  My box has dual quad xeons and 12GB of ram, so hardware is likely not a concern.  Any 
ideas??

Thanks,
Brad

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

assertion when using tshark/wireshark on large captures Bahr, Brad (Adecco Engineering & Technical) (Feb 16)
- Re: assertion when using tshark/wireshark on large captures Guy Harris (Feb 16)
- Re: assertion when using tshark/wireshark on large captures Stephen Fisher (Feb 16)
- Re: assertion when using tshark/wireshark on large captures Bahr, Brad (Adecco Engineering & Technical) (Feb 16)
- <Possible follow-ups>
- assertion when using tshark/wireshark on large captures Bahr, Brad (Adecco Engineering & Technical) (Feb 17)