Posts Tagged With ‘dumpcap’

  1. Frame bytes vs. frame file headers

    When capturing frames from a network there is more information recorded into the capture file than just the bytes of each frame. If you have ever looked at the PCAP or PCAPng file format specifications you have seen that each frame has an additional frame header containing important information that wasn’t part of the frame […]

  2. The trouble with multiple capture interfaces

    The PCAPng file format: Starting with Wireshark 1.8, the old PCAP format was replaced by PCAPng as the new default file format for packet captures. I have to admit that I may be one of the people to blame for this – at the end of Sharkfest 2011 we had a panel discussion with Gerald […]

  3. Wireshark File Storage

    Sometimes it is important to know how Wireshark captures packets, and when it is writing them to disk. One of the common questions is “how can I avoid writing packets to disk, and just capture them in memory?”.

  4. The notorious Wireshark “Out of Memory” problem

    It is one of the most common questions on the Wireshark Q&A site: “I have xyz gigabyte of memory, but still Wireshark crashes when I try to capture data”, with xyz being a more or less impressive (or even ridiculous) amount of memory. This is what a typical crash looks like (your mileage may vary):