I found the "etherXXXX" file in temp directory, which is over 1GB. I tried to load it with Wireshark. It expected at least 30min to load. But the same error happens again after 10min and only 20% packets were loaded.
Then I tried again and watched in Task Manager that the PF usage kept increasing until almost 100%. It crashed again as about 20% loaded. So it's most likely a 'out of memory'? I haven't tried 1.0.5. I may try it later... On Wed, Feb 4, 2009 at 5:02 PM, Guy Harris <[email protected]> wrote: > > On Feb 4, 2009, at 4:27 PM, Bill Meier wrote: > > > My first guess would be "out of memory". > > Although for that I'd expect either > > 1) "Access violation reading location 0x00000000" (or some other > small value), i.e. a null-pointer dereference from something that did > a malloc() and didn't check whether it succeeded > > or > > 2) an assertion failure message from g_malloc() calling abort() on > failure (I think abort() failures turn up as a unique type of failure > on Windows). > > Is there an "etherXXXXXX" file, for some value of "XXXXXX", in your > (Joshua's) temporary file directory? (I forget where Windows hides > the per-user temporary file directory.) If so, does Wireshark crash > if you try to read it? > > (Also, what happens with Wireshark 1.0.5, the current version?) > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
