How do you continuously run Wireshark without eating up all of my RAM?

For Windows environments (like mine, where it is a big deal to install Wireshark on a server), ever since Win7/2008R2 there has been built-in packet capture available.

This will capture everything until you tell it to stop:

netsh trace start capture=yes persistent=yes tracefile=c:\temp\results.etl

Monitor the trace:

netsh trace show status

Stop the trace:

netsh trace stop

It does support all the usual: filtering, circular logging, and it can even persist across reboots. Another plus is the command help: try "netsh trace ?" or "netsh trace show ?". You do need to install Microsoft Message Analyzer to view/export the results.

It seems like for your situation you'd be set with the below command:

netsh trace start capture=yes persistent=yes tracefile=c:\temp\results.etl maxSize=500

That will give you circular logging with 500MB files, and persist across reboots.
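
Added example, not part of the original answer: the start / monitor / stop procedure above wrapped in PowerShell with an elevation check, a free-disk-space check and exit-code handling. The function names, the 2x free-space margin and the explicit fileMode=circular and overwrite=yes settings are assumptions made for this example; the trace path and size are the ones from the answer.

```powershell
# Added example: bounded, reboot-persistent netsh capture with basic safety checks.
# Assumptions (not from the original answer): function names, the 2x free-space
# margin, and spelling out fileMode/overwrite instead of relying on defaults.
$TraceFile = 'C:\temp\results.etl'   # path used in the answer
$MaxSizeMB = 500                     # size used in the answer

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-BoundedTrace {
    param([string]$Path = $TraceFile, [int]$SizeMB = $MaxSizeMB)

    if (-not (Test-IsAdmin)) { throw 'netsh trace needs an elevated prompt.' }

    # Create the output directory if it is missing.
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

    # Refuse to start if the volume cannot hold the capture with headroom.
    $drive = Get-PSDrive -Name (Split-Path -Qualifier $Path).TrimEnd(':')
    if ($drive.Free -lt 2 * $SizeMB * 1MB) {
        throw "Not enough free space on drive $($drive.Name)"
    }

    # Circular mode keeps the file at or below maxSize by overwriting old data.
    netsh trace start capture=yes persistent=yes "tracefile=$Path" `
        "maxSize=$SizeMB" fileMode=circular overwrite=yes
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed ($LASTEXITCODE)" }
}

function Get-TraceStatus { netsh trace show status }

function Stop-BoundedTrace {
    param([string]$Path = $TraceFile)
    netsh trace stop
    if ($LASTEXITCODE -ne 0) { throw "netsh trace stop failed ($LASTEXITCODE)" }
    # Confirm the capture file exists and report its final size.
    Get-Item $Path | Select-Object FullName, Length, LastWriteTime
}

Start-BoundedTrace
Get-TraceStatus
# When the capture is no longer needed, run: Stop-BoundedTrace
```

Because the trace is persistent, it keeps running across reboots until Stop-BoundedTrace (or netsh trace stop) is run from an elevated prompt.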