This is our old Q&A Site. Please post any new questions and answers at

Ok so I am updating to the latest Wireshark-win64-1.10.0 But bear in mind, if you didn't fix it, it ain't fixed.

TShark 1.0.6 (SVN Rev 27387)

The command that generated this was:

C:\Progra~2\Wireshark\tshark host -S -s 4096 -R "http.request.method == \"POST\"" -w C:\users\markt\Desktop\captures\20130702_%RANDOMSTUFF%.pcap

The file size generated was 2.20 GB (2,366,529,322 bytes)

41384.525053 -> HTTP POST /ajax/ping HTTP/1.1  (application/x-www-form-urlencoded)
Unhandled exception (group=1, code=6)

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

0:000> k
ChildEBP RetAddr

0017e754 779585f0 ntdll!ZwTerminateProcess+0x12
0017e764 76fb93a6 ntdll!RtlExitUserProcess+0x7a
0017e778 769e3c3a kernel32!ExitProcess+0x12
0017e784 769e3b7b MSVCRT!__crtExitProcess+0x17
0017e7bc 76a39617 MSVCRT!_cinit+0xea
0017e7d0 76a36916 MSVCRT!_exit+0x11
0017eb08 00a6ec96 MSVCRT!abort+0x116
0017eb10 00a6ef08 libwireshark!except_deinit+0x99 [except.c @ 226]
0017eb2c 00a6edc8 libwireshark!except_rethrow+0x1c5 [except.c @ 210]
0017eb3c 00a7720b libwireshark!except_rethrow+0x85 [except.c @ 269]
**0017ebb4 00a6e96d libwireshark!dissect_packet+0x4dd [packet.c @ 349]**
0017ebd0 0041b636 libwireshark!epan_dissect_run+0x21 [epan.c @ 161]
0017ec60 0041af23 tshark!capture_input_closed+0x63a [tshark.c @ 2453]
0017ec98 00417d76 tshark!capture_input_new_packets+0xc8 [tshark.c @ 2027]
0017fccc 0041abef tshark!sync_pipe_gets_nonblock+0x27b [capture_sync.c @ 1216]
0017fce0 00419bc7 tshark!pipe_input_set_handler+0x2a0 [tshark.c @ 1861]
0017ff14 0041daa7 tshark!main+0x159c [tshark.c @ 1614]
0017ff88 7701f271 tshark!mainCRTStartup+0xe3
0017ff94 7799d819 kernel32!BaseThreadInitThunk+0xe
0017ffd4 7799da2b ntdll!__RtlUserThreadStart+0x23
0017ffec 00000000 ntdll!_RtlUserThreadStart+0x1b

asked 02 Jul '13, 15:03

mark_till's gravatar image

accept rate: 0%

edited 03 Jul '13, 18:15

Guy%20Harris's gravatar image

Guy Harris ♦♦

Unhandled exception (group=1, code=6)

Means, for Wireshark 1.0.6, that tshark ran out of memory--which isn't surprising given the size of your capture file. See the wiki page KnownBugs/OutOfMemory for more details.

But, if you happen to be running on a 64-bit version of Windows and you've got lots of RAM, the newer version of tshark may work better (it will actually use more than 2 Gbytes of RAM).

permanent link

answered 02 Jul '13, 19:27

JeffMorriss's gravatar image

JeffMorriss ♦
accept rate: 27%

edited 03 Jul '13, 18:14

Guy%20Harris's gravatar image

Guy Harris ♦♦

Ok so I am updating to the latest Wireshark-win64-1.10.0 But bear in mind, if you didn't fix it, it ain't fixed.

Wireshark 1.0.6 is really old and chances are good that this specific problem has been fixed some time ago. Please try the latest version and report back your results.


permanent link

answered 02 Jul '13, 15:54

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 02 Jul '13, 15:03

question was seen: 3,285 times

last updated: 03 Jul '13, 18:15

p​o​w​e​r​e​d by O​S​Q​A