Hi, my Wireshark crashed overnight.
Short Version -> I had two instances of Wireshark running. For a long time capture over the weekend I configured multiple capture files (one file every 100MB). It seems like there was a memory overrun anyway. Any idea how to prevent my Shark from crashing?
Long Version -> I'm testing a network device with different scenarios. Tests might run over several days. To have a capture in case of errors occurring, I use a Network Tap and a Monitor PC with two NICs and Wireshark installed. For both Wireshark instances (one for send and one for receive direction) a ring buffer with 200 files x 100MB is configured. The OS is Win Server2008R2 64Bit; the message I get is something like "GLib-Error**: gmem.c:136: failed to allocate 429496295 bytes aborting..." The capture aborted after about 7GB of capture files; 4GB of memory are installed on the machine.
I could try to use a second monitor PC, more RAM or a different OS, but I hope you give me some ideas before I spend some hours on experiments :)
asked 02 Nov '11, 06:26 ratlos
One Answer:
Hi, From the Wireshark Wiki:
answered 02 Nov '11, 07:18 Anders ♦ edited 02 Nov '11, 09:30 multipleinte...
Hi Anders,
thank you for your answer! The disadvantage in my case is that I want some window where I can see the live traffic (at least during working hours). So a possibility would be to use dumpshark and Wireshark simultaneously: dumpshark running with a ring buffer while Wireshark is opened and closed by a script at regular intervals (which should clean up the memory).
But perhaps there is another tool just for the memory cleaning? Or some other way to handle this bug?