I just tried opening a pcap file is just 20 MB. But its taking too much time to load. I waited morethan 20 mins after that cancelled. I checked the option - Resolve network addresses which is already disabled. Please help. asked 05 Nov '16, 15:42  Ramesh Sundaram |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
This suggests that you open the file using
File -> Openfrom inside an already running Wireshark, i.e. that the issue is really the opening of that file rather than start of Wireshark.Leaving aside things like corrupt Wireshark binary, the most likely case is that some dissector has a problem with the file. What version of Wireshark do you use, on what operating system? And can you publish the problematic file on some plain file publishing service and edit your question with a login-free link to it?
Thank you for your response!
I am using latest wireshark version 2.2.1.
I tried the following, Uninstalled 2.2.1 and installed old version 1.12.4. Then same file, I am able to open quickly. what could be the issue? Please help me to resolve this dissector issue. Also I observed, problem is not with the specific file. Once I encountered this issue, I am facing this loading issues with all other files too.
To rectify this issue, I need to go back old version after uninstalling 2.2.1 and again update to the latest version 2.2.1. If I do so, my issue getting resolved. I am able to load the file within a second !
The way you describe it now it sounds more like some issue with the profile (preferences) where some settings are stored between Wireshark runs.
So you need to identify the activity which causes the 2.2.1 to get from the OK state to the failed one:
is it always the same capture file which is the first one to not load,
is it always the same capture file which is the last one to be open properly,
is it the same protocol preference (or
Decode as...) setting while viewing the last file before the issue occurs,and then file a bug, describing the activity which causes the issue and attaching the capture file if relevant.
Just to be sure (and it doesn't seem to be the case), can you check whether a mere reboot without uninstalling the 2.2.1 is sufficient to open the files quickly again in 2.2.1?