This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark 1.10.5, installed just today on w2k8 r2 system.

Normally I run Wireshark on Linux (openSUSE 12.x still, x86_64) and use it for hours on end and it's just fine. Today I needed to do some SSL decryption so I had to fire up a VM and install Wireshark there. Getting the latest and installing it, everything is fine: I can filter into the stream I want (tcp.port==636), packet decryption works, but memory growth is incredible. What starts as a 72 MB process (as shown in default Task Manager) while opening these little 200 or 900 KB files quickly balloons up past a couple hundred GB. In each case, after getting into the trace for a while (maybe fifteen minutes of poking through a stream packet by packet, maybe one hundred packets or so until I get to the end of the stream), Wireshark has taken so much memory that it starts erroring, and eventually Windows tells me that it is a bad process and kills it. After restarting, everything is fine again, but the problem continues. Just now, to do some verification, I scrolled quickly through about forty packets of SSLized LDAP packets, just going through the packet list, and the memory footprint went from 190 MB to 390 MB. Scrolling back down through the same list gets me up to 620 MB.

I know that memory growth is not a memory leak, but this is not normal memory growth, and having the application crash with a < 1 MB file open on any system is probably pushing the limits of what should ever happen. I do not know if this is related to the SSL decryption, but it could be. Otherwise, these traces were taken with tcpdump on SUSE Linux Enterprise Server (SLES) 11 SP3 x86_64 filtering on ports 53, 389, 524, and 636.

asked 10 Jan '14, 11:51


dajoker


Seems it is already reported, and a problem with Wireshark when accessed on a Windows box via RDP. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8281

(10 Jan '14, 22:12) dajoker

Thanks for checking for an existing bug, I forgot to mention to do that first.

(11 Jan '14, 07:56) Jasper ♦♦

Sounds more like a memory leak to me, but this is something the developers may have to take a look at. If you can provide the trace and the steps to reproduce the problem you could open a bug at Bugzilla. Even if you can't share the trace you could at least describe how the problem may be reproducible.


answered 10 Jan '14, 17:21


Jasper ♦♦

question asked: 10 Jan '14, 11:51

question was seen: 2,078 times

last updated: 11 Jan '14, 07:57
