Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 1358] New: tshark -q -r -z io, stat, 60, ... fails on 10Gb file

Wireshark-bugs: [Wireshark-bugs] [Bug 1358] New: tshark -q -r -z io, stat, 60, ... fails on 10Gb

Date: Wed, 7 Feb 2007 16:12:06 +0000 (GMT)

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1358

           Summary: tshark -q -r -z io,stat,60,... fails on 10Gb file
           Product: Wireshark
           Version: 0.99.5
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: ben@xxxxxxxxxxxxxxxx


Build Information:
TShark 0.99.5 (SVN Rev 20677)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.12.7, with WinPcap (version unknown), with libz 1.2.3,
with
libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1, with GnuTLS 1.6.1,
with
Gcrypt 1.2.3, with MIT Kerberos.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0
(packet.dll version 4.0.0.755), based on libpcap version 0.9.5.

Built using Microsoft Visual C++ 6.0 build 8804
--
A 48 hour capture was generated using wireshark, auto-split into ~2000 10Mb
files.

These were then consolidated into 2 ~10Gb files using mergecap -a -w

Attempting to generate io stats failed with:

***MEMORY-ERROR***: tshark.exe[2532]: GSlice: failed to allocate 4088 bytes
(alignment: 4096): Unknown error

after significant execution time (>5minutes) but no output
Hardware is P4 2.8GHz 3.5Gb Ram.

tshark command line was:

tshark -q -r "napier_0.cap" -z "io,stat,60,
ip.addr==10.36.98.0/24 && (http||tcp.port==80),
ip.addr==10.36.98.0/24 && nbss||tcp.port==445,
ip.addr==10.36.100.0/24 && (http||tcp.port==80),
ip.addr==10.36.100.0/24 && nbss||tcp.port==445,
ip.addr==10.36.99.0/24 && (http||tcp.port==80),
ip.addr==10.36.99.0/24 && nbss||tcp.port==445,
ip.addr!=10.36.98.0/24 &&
ip.addr!=10.36.100.0/24 &&
ip.addr!=10.36.99.0/24 &&
ip.addr==10.36.96.0/24 && (http||tcp.port==80),
ip.addr!=10.36.98.0/24 &&
ip.addr!=10.36.100.0/24 &&
ip.addr!=10.36.99.0/24 &&
ip.addr==10.36.96.0/24 && nbss||tcp.port==445,
smtp"
>> "consolidated.txt"

[split to multi lines for slightly easier reading]

workaround is to merge to smaller files.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Follow-Ups:
- [Wireshark-bugs] [Bug 1358] tshark -q -r -z io, stat, 60, ... fails on 10Gb file
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 1357] "lemon" creates bogus ".c" sources files which crash GCC 3.3.x
Next by Date: [Wireshark-bugs] [Bug 1357] "lemon" creates bogus ".c" sources files which crash GCC 3.3.x
Previous by thread: [Wireshark-bugs] [Bug 1357] "lemon" creates bogus ".c" sources files which crash GCC 3.3.x
Next by thread: [Wireshark-bugs] [Bug 1358] tshark -q -r -z io, stat, 60, ... fails on 10Gb file
Index(es):
- Date
- Thread