Ask Your Question
0

Wireshark not responding while capturing packets

asked 2018-06-02 17:26:12 +0000

BrainStem gravatar image

Hi, for a long time I used Wireshark without problems but from a while it became very frustrating using it.

When I start a capture I don't see any problems and packets being captured are shown without problems, I can see TCP, NBNS, DNS and other traffic but when I, for example, open a browser and search for a website Wireshark begins to slow down till crashing with Windows saying that the program is not responding.

Obviously I analyzed ram usage and I saw very high values (I have a 4GB machine underneath).

I use npcap as a capture driver and obviously I tried to uninstall and reinstall Wireshark without solving anything.

Is there a solution for this problem? Do I need a ram upgrade in order to use it?

edit retag flag offensive close merge delete

Comments

Wireshark version?

grahamb gravatar imagegrahamb ( 2018-06-02 20:54:19 +0000 )edit

The last stable, 2.6.1 but even with earlier versions

BrainStem gravatar imageBrainStem ( 2018-06-03 11:00:13 +0000 )edit
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2018-06-03 16:15:17 +0000

Jasper gravatar image

It's probably a resource bottleneck problem - I usually see this if the flood of incoming packets is high, e.g. more than a few 100 MBit/s. Unless I need/want to see packets in real time I do not use Wireshark for the capture anymore, but run dumpcap directly instead (which is the tool Wireshark calls for the capture as well). Seeing packets in real time is only useful if it's slow traffic, of course, which usually doesn't give you the trouble you experience. Note that with longer run time Wireshark accumulates meta information (e.g. TCP flow correlations, expert messages etc.) which will make you run out of memory eventually. dumpcap doesn't, and can run "forever".

See this blog post for more information:

https://blog.packet-foo.com/2013/05/t...

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-06-02 17:26:12 +0000

Seen: 5,768 times

Last updated: Jun 03 '18

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2