I am using Wireshark version 1.8, newly installed. Wireshark is crashing when trying to open a 400MB file. It gets to roughly 47%, then dies. I get a Microsoft Visual C++ Runtime library error.

asked 07 Aug '12, 10:37 drumhrd
edited 07 Aug '12, 14:02 multipleinte...
One Answer:
Use the command line tool editcap to split the large file into smaller files. Editcap was installed when you installed Wireshark. Even if you could open the 400 MB file, you would find it difficult to work with because of its size. In particular, applying and clearing display filters would take a very long time. You can find the editcap syntax by clicking on Help > Manual Pages > Editcap from within Wireshark.

answered 07 Aug '12, 10:58 Jim Aragon
Wireshark is /probably/ dying because it's running out of memory. See OutOfMemory.
Note that it's not uncommon for me to analyze 400 Mb capture files but I have a 64-bit OS (and 64-bit Wireshark) and lots of RAM. (Note here too that there have been reports that 64-bit Wireshark on 64-bit Windows is NOT able to actually take advantage of lots of RAM; I think there's a bug report about that.)
Bug mentioned: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5979