When leaving wireshark running a trace it crashes and in event viewer I get the error. asked 08 Jun '16, 01:51  MattG edited 08 Jun '16, 02:18  grahamb ♦ showing 5 of 6 show 1 more comments |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
What were you doing with Wireshark when the crash occurred? If you've been running it for some time with reasonable amounts of traffic it's likely that Wireshark run out of memory, see this Wiki page for more info.
The wireshark is being used to monitor traffic constantly out of a firewall
From your additional comment I'm pretty certain that it is an out of memory situation.
What is the purpose of running wireshark in this manner, as there may be better tools for you to use, e.g. dumpcap?
That suggests that it would be prudent to use dumpcap to get your captures, and use Wireshark to selectively analyse them.
Its for a customer they wanted wireshark running constantly , I will try just using the dumpcap to capture the traffic, thanks
Check the ring buffer options allowing to write the output into a series of smaller files, as it is much more convenient to handle these files later (analysis & eventual archiving).