Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-dev: Re: [Wireshark-dev] Runtime error after a few hours of running

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Joshua (Shiwei) Zhao" <swzhao@xxxxxxxxx>
Date: Wed, 4 Feb 2009 18:39:39 -0800

I found the "etherXXXX" file in temp directory, which is over 1GB. I tried to load it with Wireshark. It expected at least 30min to load.
But the same error happens again after 10min and only 20% packets were loaded.
 
Then I tried again and watched in Task Manager that the PF usage kept increasing until almost 100%. It crashed again as about 20% loaded.
 
So it's most likely a 'out of memory'?
 
I haven't tried 1.0.5. I may try it later...

On Wed, Feb 4, 2009 at 5:02 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Feb 4, 2009, at 4:27 PM, Bill Meier wrote:

> My first guess would be "out of memory".

Although for that I'd expect either

       1) "Access violation reading location 0x00000000" (or some other
small value), i.e. a null-pointer dereference from something that did
a malloc() and didn't check whether it succeeded

or

       2) an assertion failure message from g_malloc() calling abort() on
failure (I think abort() failures turn up as a unique type of failure
on Windows).

Is there an "etherXXXXXX" file, for some value of "XXXXXX", in your
(Joshua's) temporary file directory?  (I forget where Windows hides
the per-user temporary file directory.)  If so, does Wireshark crash
if you try to read it?

(Also, what happens with Wireshark 1.0.5, the current version?)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

  • References:
    • [Wireshark-dev] Runtime error after a few hours of running
      • From: Joshua (Shiwei) Zhao
    • Re: [Wireshark-dev] Runtime error after a few hours of running
      • From: Bill Meier
    • Re: [Wireshark-dev] Runtime error after a few hours of running
      • From: Guy Harris
  • Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Solaris-10-SPARC
  • Next by Date: Re: [Wireshark-dev] explicitly stop capture with Tshark
  • Previous by thread: Re: [Wireshark-dev] Runtime error after a few hours of running
  • Next by thread: [Wireshark-dev] buildbot failure in Wireshark (development) on Solaris-10-SPARC
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation