Wednesday, September 5, 2012

Wireshark on Mac Crashes When Changing Time Format

Ok, once you know why you will say, "Ya, what did you expect?"  But hey, I have been a bit sleep deprived so give me a break.

If you are using Wireshark (on Mac), you might say, "Man, that Time column is messed up. Let's see some dates with times instead of, what, Epoch time?"

Ok, great, right-click the column, choose to edit the column details, and change it from the default to "Absolute date and time".

Now, why does it hang for a bit?

Well, if you are like me and left Wireshark running for a day or so while you are tracing a networking issue, you might not notice how many frames you captured.

Say just under 2.5 million.


Wireshark now has to reprocess each of these packets to convert the time to your desired format.

I said you'd say, "What did you expect?"

At least the reprocess is only going to take about 7 minutes.

.....about 7 minutes later...

Ok, not so good.  Maybe that would be, reprocess and then crash.

Serves me right.

Time to go sniff some more packets.

