János Löbb wrote:
Hi,
I thought that when I dedicate a file for the capture, the program
will not run out of memory, but rather from time to time writes the
captured data to this file. Yesterday I tried to capture as much as I
could on a PC with windows XP SP3 on it using WireShark 1.2.6 but
after some 20 minutes the program stopped and told it is out of
memory. The data was in the file, but even after restarting the PC I
was unable to open it. WireShark again posted an out of memory
message. Looks to me that Wireshark wants to read all the content
into real memory and it fails. The size of the file is 321.9MB. The
machine is a 1.4Ghz Pentium 4 with 384MB of RAM
Is there any setting I can change to be able to open the file and work
with it ? How folks are doing lengthier captures, like multiple hours ?
1. Please see http://wiki.wireshark.org/KnownBugs/OutOfMemory
for lot's of info as to why Wireshark memory usage increases
with capture size.
2. Extended captures can be done with dumpcap (using the ringbuffer
option to create multiple files).