The new versions of Wireshark, 1.6.8+, are consuming excessive amounts of RAM memory, and have used up all the memory on the machine I am using.
Are you planning to go back to how 1.2.7 works, not using local RAM, or at least minimizing it so it doesn't grow to more than 5 MB of memory?
With this memory usage on 1.6.8 and up, we cannot upgrade because this causes our servers problems when we are doing long-term packet captures.
Also, in 1.8.0, what happened to all the capture information in the options? How do I get those back?
asked 20 Jul '12, 11:38
Unfortunately more features means more memory usage :-(
Wireshark isn't the tool of choice for long-term captures as it maintains state info about the captured packets, so it will always run out of memory eventually. Dumpcap will capture without retaining state so can be used for longer captures, but even that may cause issues as the capture files grow ever larger. In this case use the Dumpcap -b options to limit each capture file by size or time.
answered 20 Jul '12, 12:36
1.2.7, and every version of the software back to Ethereal 0.1, uses local RAM (as does every other application on your machine). Later versions might use more memory to store reassembled packet data, keep track of relationships between packets, etc. We have, over time, made some changes to reduce the memory consumption of the packet list display (by using a different widget) and the table of all packets (by allocating them in bulk and not keeping two pointers in every entry in the table).
answered 20 Jul '12, 14:00
Guy Harris ♦♦