ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Memory vs Wireshark

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Anders Broman <a.broman@xxxxxxxxx>
Date: Wed, 11 Aug 2010 18:17:39 +0200
Anders Broman skrev 2010-08-11 17:19:

Jeff Morriss skrev 2010-08-11 16:45:

Emilio Honorio de Melo wrote:


Dear all,

Please, I need your help.

I've been using the wireshark to capture some data from a 3G network.
I've been face some problems regarding to RAM memory.
Here it is the configuration set:

- 8GB RAM
- Windows server 2008 64bit
- HD West Digital Black 7200 RPM / 64MB Buffer / 2TB
- Attansic L1 Gigabit Ethernet 10/100/1000 Base-T Adapter

I just can captures files of 200MB ~ 300MB large. More than this, I got
out of memory crash.

And when I process with Wireshark 32bit version (1.2.9), I can run with
no problem untill the Windows task manager point 3GB physical use of. If
I run the wireshark 64bit version (1.2.10), I got only 2GB...


It's interesting that the 64-bit version can only use 2 Gb of RAM.
According to what's on http://wiki.wireshark.org/KnownBugs/OutOfMemory
the 64-bit version should be able to use a lot more...

(I don't know enough about Windows to understand why that might be the
case.)


You might want to try out 1.4.RC2 it uses considerable less memory and
opens files a lot faster.
/Anders
- You can use dumpcap and ring buffers creating a new file every 100 Mb or so. 
- You can use editcap to split your existing files into manageable chunks.
- Use capture filters if possible to reduce the number of packets captured.

Out of interest what protocols are in the trace?
Regards
Anders

___________________________________________________________________________
Sent via:    Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
               mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



___________________________________________________________________________
Sent via:    Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube