This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Interface crashed

0

while trying to capture packets that I was sending from another machine, I got a message saying that wireshark has crashed. Now I am not able to capture the packets that I am sending from the other machine. Does anyone have any idea why?

asked 03 Aug '12, 09:18

Noob's gravatar image

Noob
1222
accept rate: 0%


One Answer:

0

It probably crashed because you were capturing too much data for Wireshark to handle. You should try capturing with dumpcap instead, which is a command line tool installed with Wireshark. It doesn't keep the frame details in memory, so it isn't likely to crash like Wireshark will if there's too much data to be kept.

You can use dumpcap -D to get a list of interfaces, and then dumpcap -i <interfaceindex> -w filename to capture to file.

answered 03 Aug '12, 09:54

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Hmm if I try capturing using wireshark again with lesser data, it should right? It isn't capturing even one packet now. And what type of file should I write into. When I tried a text file, the file shows encoded data. Any help with this?

(03 Aug '12, 10:26) Noob

Wireshark should not crash when capturing packets unless there are A LOT of packets. If it does crash even when capturing a few packets you might want to open a detailed bug report at http://bugs.wireshark.org.

You should usually use pcapng or pcap files. It doesn't make much sense capturing into text files, since you can't do much with them - it is far better to use an actual trace file format like pcapng, which Wireshark can open and decode for you. If you need text dumps, you can export them from Wireshark later anyway.

(03 Aug '12, 10:42) Jasper ♦♦