Version 2.0.2 (v2.0.2-0-ga16e22e from master-2.0) I am trying to run a packet capture using the above version. I have windows 10 on the laptop. The capture is being done on a Cisco 6880. I have the port on the switch setup to monitor all VLAN traffic on the switch. It will run fine for a little while and then an error occurs and the application terminates. All the message says is"wireshark has stopped working, a problem caused the program to sop working correctly. Windows will close the program" asked 11 Mar '16, 07:48 Shannon Eakins |
3 Answers:
This sounds like a bug which might be related to specific contents of a particular captured packet. It could be useful to run dumpcap instead of Wireshark for, say, triple the time it normally takes Wireshark to crash, and then try to open the capture file saved by dumpcap with Wireshark. If in this case Wireshark crashes too, it is worth filing a bug and attaching that capture. BTW, the error message you can see is a Windows message, not a Wireshark one. answered 11 Mar '16, 08:08 sindy |
What's the expected traffic rate? Are you running the 32 bit or 64 bit version of Wireshark? Given that you're trying to "monitor all VLAN traffic on the switch" I'd suspect that you're simply running out of memory, which is more likely if you're using the 32 bit version. As @sindy says, try using dumpcap to make the capture as that doesn't retain state or dissect as much traffic so is less likely to run out of memory or hit any possible bug. answered 11 Mar '16, 10:00 grahamb ♦ Well, OK, maybe my understanding of "a little while" is different from author's :) These words were the reason why I've suppressed the very first idea of memory exhaustion and suggested a bug instead. (11 Mar '16, 10:19) sindy |
Have you tried compatibility mode ? WireShark may not be yet compatible with Windows 10 yet. answered 11 Mar '16, 10:08 msmorten Wireshark runs perfectly well on Windows 10. If you have direct evidence of an issue please raise an entry at the Wireshark Bugzilla. (11 Mar '16, 10:12) grahamb ♦ https://ask.wireshark.org/questions/40972/wireshark-and-windows-10-build-10041-no-capture-interfaces This says otherwise. I know the issues are a bit different but there are some known issues. So to say it "runs perfectly well..." is a slight over statement. (11 Mar '16, 11:52) msmorten Look at the date and Win 10 build in that question. That wasn't an RTM release of Win 10, and at that time Win 10 preview builds had issues with NDIS5 drivers and thus affected WinPCap not Wireshark, although WinPCap not working did prevent Wireshark from making captures. Again, if you have a specific bug for Wireshark on Win 10, please raise it, don't just make general wild assertions. (11 Mar '16, 11:57) grahamb ♦ https://ask.wireshark.org/questions/48178/wireshark-fails-to-start-on-windows-10 The above build or seemingly a number of builds have issues with WinPCap and Wireshark which seem to conflict with one another in Windows 10. I am only saying that this setup seems to fit the bill. That doesn't seem very wild to me, but if you say so. I'll just wait for you to repeat one of these previous answers. Again, I'd try compatibility mode or run a VM of a previous version of Windows and see if it happens then. I have a similar switch and pulling much more traffic on a network with very heavy traffic, and havent had an issue with Wireshark. But I'm running Windows 7 with WinPCap, and 2 linux servers. So, I think the issue has to do with running the program in a Windows 10 environment w/ WinPCaP. This has been reported many times in various setups. But thats just my wild, but educated guess. Good luck. (11 Mar '16, 12:10) msmorten That issue of a hang in a call in WinPcap has been around for quite a while, I've investigated a few myself that have previously been reported and it's happened on other OS's before Win 10 arrived. Unfortunately without debug symbols for WinPcap it's next to impossible to debug from a crash dump. If I could make it happen on a dev machine with a debugger I might have a chance. That issue seems to be something peculiar in the environments where it fails that can't be replicated elsewhere. Very few people appear to suffer with that issue, but regardless that's a failure to start, not a crash during capture. (11 Mar '16, 12:33) grahamb ♦ |
Are you running in "Compatibility Mode" ?