I'm finding that when running a live capture on my rge0 interface, after some time (e.g. 30 minutes) the display of new packets stops updating. The UI does not hang; I can interact with it, select packets, etc. It's just that no new packets are displayed and the total packet capture count remains fixed. On each live capture session, this behavior occurs at different times and total packet counts.

I am aware of the "out of memory" issue with Wireshark but don't think this is it. Wireshark is not terminating. I've also trussed the wireshark process and the child dumpcap process and both are showing activity. I have checked I have tons of free disk space and virtual memory. Any ideas?

Wireshark version: 1.6.4
OS: Oracle Solaris 10 [8/11 s10x_u10wos_17b X86] edition
NIC: Realtek RTL8111 Integrated Gigabit Ethernet Controller
Driver: Bundled Solaris rge(7D) driver

asked 17 Mar '12, 19:34 SiliconLunch
One Answer:
Is it possible that even though you have tons of disk space the capture file has reached the maximum allowed size for that file system? Can you do any capture filtering to reduce the volume of data collected to see whether that has any effect on when it stops?

answered 22 Mar '12, 12:48 inetdog