Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Windows 2003 Server

From: bart sikkes <b.sikkes () gmail com>
Date: Tue, 4 Dec 2012 17:36:36 +0100
not sure if it is the exact reason, but you might have run into this:

http://wiki.wireshark.org/KnownBugs/OutOfMemory

as mentioned in the article and the other email also, capturing for
longer time / data shouldn't be done with the gui.

greetings,
bart

On Mon, Dec 3, 2012 at 10:58 PM,  <Tim.Poth () bentley com> wrote:

Not sure what’s up but if you’re just capturing traffic to look at later
maybe you would be better trying tshark or dumpcap



Run dumpcap –D to get your interface list

EG

C:\Program Files\Wireshark>dumpcap -D

1. \Device\NPF_{8CF5911A-754C-4F6D-98B9-E1234E231E00} (Intel(R) 82578DM
Gigabit Network Connection)

2. \Device\NPF_{F458FCE1-7DB4-419F-A28B-93679D91D30F} (Microsoft
Corporation)

3. \Device\NPF_{978FA0EA-B2E3-4E59-AF48-3674AA75DF55} (Microsoft)

4. \Device\NPF_{02060821-E84A-4AC8-A15C-5B942C5C3975} (Microsoft
Corporation)

5. \Device\NPF_{42084919-7FD3-4D55-8989-D5BAB9BB5615} (Microsoft)


One you select your interface the number will go after –i in the following
command. This example uses interface #1 on my system (note outlook mail
client sometimes messes up the dashs so you may not be able to copy and
paste, you have to retype)

EG

dumpcap -i 1 -b filesize:30000 -b files:20 -w c:\temp\packetcapture.pcap



Please ensure the output directory exists first! When your ready to stop hit
control+c (or kill the command prompt but sometimes this will ‘trash’ the
last packet in the capture and wireshark will complain when you open the
file)



Hope that helps

tim



From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of Jim Hurley
Sent: Monday, December 3, 2012 3:23 PM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] Windows 2003 Server



Hello,

I installed the latest version of Wireshark onto a server running Windows
2003 Server. The installation went fine, and Win PCap 4.2 installed fine as
well.

I launched Wireshark and started capturing traffic, no filters, just a ring
buffer with 20 files each of 30 megabytes. After a period of time (1 hour
maybe 2) I get an error from the OS saying that Visual C++ has asked to
terminate in an unusual way.

Does anyone know what could be causing this???

Jim


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: