Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] assertion when using tshark/wireshark on large captures

From: "Bahr, Brad (Adecco Engineering & Technical)" <brad.bahr@xxxxxx>
Date: Wed, 16 Feb 2011 22:31:54 +0000

I am running the 64bit version of Wireshark/tshark (v1.4.3 rev35482 – compiled download) on a 64bit Windows 7 box.  When I am applying read filters to large captures (1.5GB+) with tshark, I get this assertion:

 

ERROR:emem.c:652:???: assertion failed: (ret != 0 || versinfo.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)

 

Also in stderr are numerous warnings about dissector bugs with the SMB2 and VNC protocols.  I’m not sure if these are related but thought they would be worth mentioning.  From a cursory glance at the source heading of emem.c, I gather that this file provides memory management / garbage cleanup functions.  I’m definitely a novice when it comes to C/C++, so I don’t have a clue as to what would be causing g_assert to be getting a false from “ret != 0 || versinfo.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS”. 

 

If I try to open this same capture file with Wireshark, it also dies a terrible death before the capture is loaded.  Both tshark and Wireshark seem to be croaking when they have consumed about 2GB of memory, which makes me wonder if its related to some 32bit snafu.  My box has dual quad xeons and 12GB of ram, so hardware is likely not a concern.  Any ideas??

 

Thanks,

Brad