Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Maximum file size?

From: "Joel Seidman" <joel2009@xxxxxxxxxxx>
Date: Tue, 27 Oct 2009 21:35:17 -0700
Anders,
Thank you for your response. Since I'm on a 64-bit computer I was hoping
that 2 would not be an issue, but it appears it is. Nothing is ever
simple. I was hoping for a more definitive answer than, "It depends."
Thank you for the preference suggestions. We will also try 1.3.1 and see
what happens.
-- Joel

On Tue, 27 Oct 2009 08:25 +0100, "Anders Broman"
<anders.broman@xxxxxxxxxxxx> wrote:
> Hi,
> There is separate issues here:
> 1) The largest file pointer possible to use e.g. physical file size.
> 2) The amount of memory used by Wireshark when analyzing a file/trace.
> 
> 2 depends on the protocols in the trace and on preference settings in
> Wireshark, reassembly
> Uses memory conversation tracking does to etc.
> 
> A lot of work has been put into the trunk version of Wireshark to try to
> reduce the amount of memory used,
> fix memory leaks etc and also to speed up loading of the file.
> Development snapshot 1.3.1 is due to be released soon or you could try a
> development build.
> 
> Note that with large files filtering and other operations may becom slow
> so you want to keep your files as small as possible.
> 
> Regards
> Anders
> 
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Joel Seidman
> Sent: den 27 oktober 2009 06:21
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] Maximum file size?
> 
> Hi All.
> 
> I want to know the maximum capture file size (if there is one) that can
> be loaded into 64-bit wireshark. I can't seem to find a definitive
> answer. 
> 
> I recently installed V 1.2.2 (SVN Rev. 29910) on a Vista computer (with a
> substantial amount of RAM). I selected the 64-bit version when I
> downloaded it. I believe the required Service Pack was installed also
> (need to confirm).
> 
> I eventually expect to have a capture file of several hundred MB or more.
> I haven't actually had a problem loading a large file in 64-bit wire
> shark (did with 32-bit version), but I did an experiment that may be
> related.  I have a capture file of 143 Meg. I loaded it, which went OK.
> Then I attempted to load it again in concatenation mode, and got an error
> box: "This application has requested the Runtime to terminate in an
> unusual way. Please contact the application support team for more
> information...".
> 
> So my question is, basically, what's the max? And whatever the answer, is
> it possible to increase it by re-building from source? Any other
> suggestions?
> 
> (I have read suggestions to break a large file up into smaller pieces,
> but I'd like to avoid that step if it's possible. The purpose is to use
> Wireshark's analytical capabilities to process a very large set of data
> in toto.)
> 
> TIA.
> 
> -- Joel
> --
>   Joel Seidman
>   joel2009@xxxxxxxxxxx
> 
> --
> http://www.fastmail.fm - A no graphics, no pop-ups email service
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
-- 
  Joel Seidman
  joel2009@xxxxxxxxxxx

-- 
http://www.fastmail.fm - Choose from over 50 domains or use your own