Wireshark-dev: Re: [Wireshark-dev] Wireshark Crash
From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Mon, 06 Jun 2011 15:37:36 -0400
On 6/6/2011 3:24 PM, Garcia, Luis Antonio wrote:
Details about the crash:error messages/ etc.

I don't really receive any error messages. The program just doesn't
start up and seems to freeze the system.  I've tried to manually
debug the situation by running the capture through the Wireshark GUI
(not tshark) and the program freezes when I try to stop the capture.
When I try to kill the process through Task Manager, the
wireshark.exe process does not close.  The only way to end the
process after the freeze is to reboot the machine.  Normally I would
run this off of a UNIX machine, but the AirPCap sniffer only runs on
Windows.

One comment: if you are using tshark initially only to create capture files for offline analysis, I suggest using dumpcap instead.

Dumpcap is the program used by tshark to actually do captures and only does capturing (no analysis).

Using dumpcap may not resolve the problem, but using dumpcap instead of tshark does simplify the process.