Wireshark-bugs: [Wireshark-bugs] [Bug 5979] New: Wireshark crashes when running over night (coll
Date: Wed, 1 Jun 2011 03:40:53 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5979

           Summary: Wireshark crashes when running over night (collecting
                    lot of data)
           Product: Wireshark
           Version: 1.4.6
          Platform: x86-64
        OS/Version: Windows Vista
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Build Information:
x xx 01.06.2011, 09.00 - 10.00                Test-Ergebnis: Fehler auf allen 4
Instanzen (4 x neuester curl) im Nacht-Test aufgetreten,
                                              leider wieder Absturz von
(neuestem) Wireshark

--
I have a test environment where a webserver is accessed and files are
downloaded again and again. I let wireshark create a trace in case something
does not work as expected. When doing it over night, in the morning i get a
crash reports
of wireshark and trace is lost.
BTW: Computer running wireshark is Vista (64 bit edition), 
with 16 GByte of memory.

First i had an old version 1.2.x installed. There was the same problem.
Now i installed latest version, i found yesterday (1.4.6), i took x64
version, but got the same problem this morning. It looks like memory is 
running out.

Just some calculation: It looks like wireshark needs 4 MByte each minute.
I have 16 GBytes, so it should take 66 hours to fill complete memory.
But this happens earlier.
Perhaps there is 2 GByte limit, that it would be around 8 hours.
This i can think could be valid.

In my opinion crashing is the worst reaction. I have no trace at all.
Perhaps it is better to stop monitoring and tell the user that memory is full.

Additional ideas:

I don't know if it is possible or already implemented:
I would also be nice to e.g. give wireshark x GB of memory
and collect data as a ring buffer. Oldest data is last, but you always get
latest x GByte of trace when you stop capturing.
(But then perhaps also triggers would be nice, e.g. when a certain condition
happens the capture is stopped, or stopped 1 minute later, or 1000 packets 
later...)

Or would it be possible to write data continues to disk ?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.