Hi NG,

I am trying to trace an iperf test with Wireshark v1.12.5 to see if we have issues on our network. I started with a 10-second trace. After the 10 seconds I stopped the trace, looked for the sender's/receiver's communication and clicked "follow tcp stream". Wireshark starts counting the packets which are involved (128862 in my test) and then shows the list of packets. Once I want to scroll or click on any packet, Wireshark freezes and will never return. I did a test and let Wireshark run for 15 minutes in this state to see if anything is happening, but it stays in the frozen state. To keep the Wireshark file small I limited each packet to 128 bytes.

Any idea how I can get Wireshark to work?

Regards
Christian

asked 09 Jun '15, 02:30 JogDial
edited 09 Jun '15, 02:32
One Answer:
Looks like a processing issue to me. What I don't get is why you try to use "Follow TCP stream" if you cut the packets at 128 bytes anyway - following the TCP stream only makes sense if you want to take a look at the combined payload, and that's not relevant in your case if I understand your motivation correctly.

If you want to isolate a TCP connection, use the popup menu to filter on "Conversation Filter" -> "TCP" instead. This avoids Wireshark trying to reassemble the payloads and should work every time.

answered 09 Jun '15, 02:36 Jasper ♦♦
Hi Jasper,
thanks for your fast reply.
2 observations:
1st: I guess you're right with your assumption. The conversation filter does work out fine for me.
2nd: I checked again on the Wireshark process I left behind an hour ago. It finally returned from the frozen state and displays the TCP stream I selected. I believe there was just too much data to reassemble in a quick manner.
Thanks again.
Christian
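
The idea behind the conversation filter recommended in the answer, as an added example that is not part of the original thread and not Wireshark's own code: select one TCP conversation by its two endpoints using only the headers that survive a 128-byte snaplen, with no payload reassembly. The function names, addresses and ports are assumptions, and the capture is constructed inline.

```python
import io
import socket
import struct

def tcp_frame(src, sport, dst, dport, payload_len):
    """Constructed Ethernet/IPv4/TCP frame with a zero-filled payload."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 65535, 0, 0)
    return eth + ip + tcp + b"\x00" * payload_len

def make_pcap(frames, snaplen=128):
    """Classic little-endian pcap in memory; each frame is cut at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for wire in frames:
        cap = wire[:snaplen]
        out += struct.pack("<IIII", 0, 0, len(cap), len(wire)) + cap
    return out

def conversation(pcap_bytes, a, b):
    """Return (frame_count, bytes_on_wire) for TCP traffic between a and b."""
    f = io.BytesIO(pcap_bytes)
    f.read(24)                                   # skip the global header
    frames = wire_bytes = 0
    while True:
        hdr = f.read(16)
        if len(hdr) < 16:
            break
        _, _, incl, orig = struct.unpack("<IIII", hdr)
        data = f.read(incl)
        # Headers only: skip anything that is not IPv4 carrying TCP.
        if len(data) < 34 or data[12:14] != b"\x08\x00" or data[23] != 6:
            continue
        ihl = (data[14] & 0x0F) * 4
        if len(data) < 14 + ihl + 4:
            continue
        src, dst = socket.inet_ntoa(data[26:30]), socket.inet_ntoa(data[30:34])
        sport, dport = struct.unpack("!HH", data[14 + ihl:18 + ihl])
        if {(src, sport), (dst, dport)} == {a, b}:  # match either direction
            frames += 1
            wire_bytes += orig                   # original length, not the 128 kept
    return frames, wire_bytes

# Constructed sample: three data segments, one ACK, one unrelated connection.
CLIENT, SERVER = ("10.0.0.1", 40000), ("10.0.0.2", 5001)
SAMPLE = make_pcap([tcp_frame(*CLIENT, *SERVER, 1460)] * 3
                   + [tcp_frame(*SERVER, *CLIENT, 0),
                      tcp_frame("10.0.0.3", 50000, "10.0.0.2", 22, 100)])
```

Because only the per-packet record header and the first 38 bytes of each frame are read, the cost is a single linear pass over the capture, however many packets the conversation holds.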