Hi,
Like Anders says, there are multiple factors, of which #2 is usually the
most common cause of hitting the memory barrier.
> The purpose is to use
> Wireshark's analytical capabilities to process a very large set of data
in
> toto.)
CACE Technologies [1] understood this requirement and created Pilot for
that.
Have a look at "Enhance Wireshark" on the Wireshark website.
Thanx,
Jaap
[1] CACE Technologies is the host for open source Wireshark and commercial
advanced capture tools.
On Tue, 27 Oct 2009 08:25:08 +0100, "Anders Broman"
<anders.broman@xxxxxxxxxxxx> wrote:
> Hi,
> There is separate issues here:
> 1) The largest file pointer possible to use e.g. physical file size.
> 2) The amount of memory used by Wireshark when analyzing a file/trace.
>
> 2 depends on the protocols in the trace and on preference settings in
> Wireshark, reassembly
> Uses memory conversation tracking does to etc.
>
> A lot of work has been put into the trunk version of Wireshark to try to
> reduce the amount of memory used,
> fix memory leaks etc and also to speed up loading of the file.
Development
> snapshot 1.3.1 is due to be released soon or you could try a development
> build.
>
> Note that with large files filtering and other operations may becom slow
> so you want to keep your files as small as possible.
>
> Regards
> Anders
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Joel Seidman
> Sent: den 27 oktober 2009 06:21
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] Maximum file size?
>
> Hi All.
>
> I want to know the maximum capture file size (if there is one) that can
be
> loaded into 64-bit wireshark. I can't seem to find a definitive answer.
>
> I recently installed V 1.2.2 (SVN Rev. 29910) on a Vista computer (with
a
> substantial amount of RAM). I selected the 64-bit version when I
downloaded
> it. I believe the required Service Pack was installed also (need to
> confirm).
>
> I eventually expect to have a capture file of several hundred MB or
more.
> I haven't actually had a problem loading a large file in 64-bit wire
shark
> (did with 32-bit version), but I did an experiment that may be related.
I
> have a capture file of 143 Meg. I loaded it, which went OK. Then I
> attempted to load it again in concatenation mode, and got an error box:
> "This application has requested the Runtime to terminate in an unusual
way.
> Please contact the application support team for more information...".
>
> So my question is, basically, what's the max? And whatever the answer,
is
> it possible to increase it by re-building from source? Any other
> suggestions?
>
> (I have read suggestions to break a large file up into smaller pieces,
but
> I'd like to avoid that step if it's possible. The purpose is to use
> Wireshark's analytical capabilities to process a very large set of data
in
> toto.)
>
> TIA.
>
> -- Joel
>
