I am capturing traffic using wireshark. Everything works nice, but for some reason after I capture more than 2 mlns packets, wireshark just crashes.
I am not sure what can be the reason, but I tried it three times and every time soon after 2 mlns it crashes. So I am exporting the information every 1 something million packets by using File->Export->File then restarting the capture.
Everything works fine, but is there a way to automatically tell wireshark to Export and restart capture after specific amount of packets or may be specific time limit?
Best Answer
How much data is flowing across the link you're trying to monitor? Wireshark's primary job is to show you as much information as it can about every packet that it sees and it does this by default. If you're trying to dissect lots of packets in real time you can run out of memory very quickly.
There are a couple of ways around this:
BTW, you might want to save capture files using "Save". Depending on the file format you choose "File→Export" may save packets to a file that Wireshark can't read (hence the word "export").