While trying to capture packets that I was sending from another machine, I got a message saying that Wireshark has crashed. Now I am not able to capture the packets that I am sending from the other machine. Does anyone have any idea why?

asked 03 Aug '12, 09:18 Noob
One Answer:
It probably crashed because you were capturing too much data for Wireshark to handle. You should try capturing with dumpcap instead, which is a command line tool installed with Wireshark. It doesn't keep the frame details in memory, so it isn't likely to crash like Wireshark will if there's too much data to be kept. You can use

answered 03 Aug '12, 09:54 Jasper ♦♦
Hmm, if I try capturing using Wireshark again with less data, it should, right? It isn't capturing even one packet now. And what type of file should I write into? When I tried a text file, the file shows encoded data. Any help with this?
Wireshark should not crash when capturing packets unless there are A LOT of packets. If it does crash even when capturing a few packets you might want to open a detailed bug report at http://bugs.wireshark.org.
You should usually use pcapng or pcap files. It doesn't make much sense capturing into text files, since you can't do much with them - it is far better to use an actual trace file format like pcapng, which Wireshark can open and decode for you. If you need text dumps, you can export them from Wireshark later anyway.
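On the file-type question in this thread: a capture tool writes a binary pcap or pcapng stream whatever extension the file is given, which is why a ".txt" capture looks encoded. The following is an added example, not part of the original posts, that identifies a capture by its leading magic bytes and counts the records in a classic pcap; the function names are hypothetical and the sample capture is constructed in memory.

```python
import struct

PCAP_MAGICS = {  # first 4 bytes of a classic pcap -> (struct endianness, label)
    b"\xd4\xc3\xb2\xa1": ("<", "pcap (microsecond, little-endian)"),
    b"\xa1\xb2\xc3\xd4": (">", "pcap (microsecond, big-endian)"),
    b"\x4d\x3c\xb2\xa1": ("<", "pcap (nanosecond, little-endian)"),
    b"\xa1\xb2\x3c\x4d": (">", "pcap (nanosecond, big-endian)"),
}
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type
PCAPNG_BOM = (b"\x4d\x3c\x2b\x1a", b"\x1a\x2b\x3c\x4d")  # byte-order magic


def identify_capture(data: bytes) -> str:
    """Return the capture format of `data`, judged by content, not file name."""
    head = data[:4]
    if head in PCAP_MAGICS:
        return PCAP_MAGICS[head][1]
    if head == PCAPNG_SHB and data[8:12] in PCAPNG_BOM:
        return "pcapng"
    return "unknown"


def count_pcap_packets(data: bytes) -> int:
    """Count packet records in a classic pcap file; raise on truncation."""
    if data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[data[:4]][0]
    offset, count = 24, 0  # records start after the 24-byte global header
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16 + incl_len
        if offset > len(data):
            raise ValueError("truncated packet data")
        count += 1
    return count


def make_sample_pcap(payloads):
    """Build a constructed little-endian pcap (Ethernet link type) in memory."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(payloads):
        out += struct.pack("<IIII", 1343985480 + i, 0, len(p), len(p)) + p
    return out


if __name__ == "__main__":
    s = make_sample_pcap([b"\x00" * 60, b"\x01" * 42])
    print(identify_capture(s), count_pcap_packets(s))
```

A file that reports "unknown" here is a text export or damaged data rather than a trace Wireshark can decode.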