On Windows, when capturing from multiple interfaces, if you try to stop the capture, Wireshark just freezes and must be forcefully closed. Is this a known bug? Version 2.0.1 (v2.0.1-0-g59ea380 from master) asked 04 Dec '15, 09:56  DJX edited 14 Jan '16, 12:01 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Happens in version 2.0.0 and version 2.0.1
Works fine for me on Win 10 using 1Gb wired and 802.11.a wireless. What OS, are you using WinPcap 4.1.3 (check the Wireshark Help -> About Wireshark dialog) and what interface types are you capturing on?
Version 2.0.1 (v2.0.1-0-g59ea380 from master-2.0)
Copyright 1998-2015 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia, with AirPcap.
Running on 64-bit Windows Server 2008 R2 Service Pack 1, build 7601, with locale C, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap. Intel(R) Core(TM)2 Quad CPU Q9650 @ 3.00GHz, with 8191MB of physical memory.
Built using Microsoft Visual C++ 12.0 build 31101
Intel ET in LACP Marvell 88E8056 in LACP
All looks fairly vanilla, does it also happen with the legacy version (wireshark-gtk.exe)?
It may just be too much traffic hitting the card. Try to capture with dumpcap instead. I just added a section on that at the bottom of this blog post:
https://blog.packet-foo.com/2013/05/the-notorious-wireshark-out-of-memory-problem/