Wireshark is a really neat tool for analyzing phone calls. But when
you load a 100 MB capture file of VoIP calls, you need much more than
100 MB of RAM. But how much more?
Here's a data point from which you can make a line: a 326.15 MB PCAP
file contained lots of SIP, and a little RTP. This wasn't a raw
capture file; I had thrown away a lot of the RTP and RTCP.
The file compressed to 121.15 MB using gzip. Then when Wireshark
opened it, and then generated a "VoIP Calls" analysis, the resident
memory size was 610.52 MB. That means Wireshark needs about 1.87-times
as much RAM as there are bytes in the input file, in this case.
So if I can dedicate 1 GB RAM to opening a capture file, I can
probably handle a PCAP file that's about 530 MB uncompressed.