I have been testing Wireshark v1.8.4, 32-bit version on Windows 2003 Server (32-bit, 2gig memory), Windows XP (32-bit 2gig memory) and Windows 7 (64-bit 4gig memory). All just monitoring short packets. The Windows 2003 Server use up memory much faster, and does not release it when you "restart" the capture or when you are capturing to disk, limit 10MB. Windows 7 and XP can capture over 1 million packets before running out of memory. Windows 2003 Server will run out of memory around 50,000 packets. asked 29 Jan '13, 12:02  SonomaDave converted to question 30 Jan '13, 00:12  grahamb ♦ showing 5 of 13 show 8 more comments |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Could you try the just released 1.8.5 which has a newer GTK? A test with a development build of 1.9.0 would be useful too.
Same problem with 1.8.5. I have traced it with VS 2010 Express and it looks like it is in the GTK. Specifically, the call in function add_byte_tab() in main_proto_draw.c (line 763 in v1.8.4): gtk_container_get(... increase memory usage in Wireshark by 164K bytes under Windows Server 2003, but only 4K bytes under Windows XP. This was moving from 1st to 2nd frame of a captured file.
I can send you the captured file, if you wish. The capture file is 973K bytes in size, but will run out of memory in the 2gig Windows Server when you move down through the file.
Where can I download 1.9.0?
Also, has anyone had experience with running Wireshark on Windows Server 2008? If so, is the Wireshark memory usage on Windows Server 2008 like Windows 7 and XP, or is it like Windows Server 2003? I can provide a captured file if someone can try Windows Server 2008. Thanks....
You can download development builds frome here http://www.wireshark.org/download/automated/
I installed Wireshark-win32-1.9.0-SVN-47367.exe. Same problem. After loading the captured file, if I move down through the frames one at a time, by the time I get to frame 1600, Wireshark is using 1.5 Gig of memory on Windows Server 2003.
On Windows 7 or XP, when I do the same thing, the memory usage fluctuates up and down within a 3 meg range. The capture file is only 973K bytes long and has 2953 frames. Viewing all 2953 frame this way, Wireshark only is using 86Meg of memory on Windows XP.
I am going to try in install a trial version of Windows Server 2008 R2 to see what happens on it.
Good news. No problem on Windows Server 2008, 32-bit. I am able to scan through the 2953 frames of my capture file with Wireshark using only 43 Meg of memory. A far cry from 1.5 Gig on Windows Server 2003. Thanks Anders for your help.
I have to retract my last comment. Here is the latest. Note: Windows servers are running as VM under Redhat Linux using xen. -Wireshark memory problem occurs on both Windows Server 2003 and Windows Server 2008, 32 bit version, when logged in via MS Remote Desktop. -Wireshark memory problem does NOT occur when logged in to the xen console to Windows Server 2003 and 2008. -Wireshark memory problem does NOT occur when logged in to Windows 7 64-bit via MS Remote Desktop. Windows 7 running native on Dell PC. Wireshark is 32-bit version.
Next up, Windows Server 2008 R2, 64-bit.
I have just completed my test on Windows Server 2008 R2, 64-bit, running as VM under RHEL with xen. Results are same as on 32-bit: -Wireshark memory problem occurs on both Windows Server 2008 R2, 64 bit, when logged in via MS Remote Desktop. Both Wireshark 32-bit and 64-bit have the problem.
-Wireshark memory problem does NOT occur when logged in to the xen console to Windows Server 2008 R2, 64-bit. Both Wireshark 32-bit and 64-bit do NOT have the problem.
The common theme of when the problem occurs is Windows Server 2003, 2008 32-bit, or 2008 64-bit when logged in via MS Remote Desktop.
So the memory problem may be in the remotedesktop or GTK in any case not much Wireshark developers can do about it.
Remote Desktop does some funky things with the graphics, I've seen issue with other applications. As @Anders says this is likely to be GTK issue. Please file an issue with the bug tracker, attaching the capture that shows the issue.
Bug 8281 - Wireshark out-of-memory crash on Windows Server when logged in via Remote Desktop
Looks like gtk is causing the same problem with deluge. See: http://www.mail-archive.com/[email protected]/msg02359.html
In looking at gtk bugs I found: https://bugzilla.gnome.org/show_bug.cgi?id=665013 But it looks like that problem has been fixed, and that Wireshark is using gtk with the fix. Also, the bug was only for Remote Desktop when using 16-bit colors. I have verified that the problem occurs for all color options, from 15 to 32-bit.
Can someone help me write a gtk bug remote? There are so many options, I don't know how to fill out the forms. Thanks...
I have exactly the same type of problems both in Windows 2003 x32 and windows 2008 R2 x64 after 1.8.4 release.
I have also been trying with a new GTK, GTK3 and same problem percist.