Wireshark · Ethereal-users: Re: [Ethereal-users] Slow packet capture from file

Ethereal-users: Re: [Ethereal-users] Slow packet capture from file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Wed, 24 Oct 2001 10:49:48 -0700 (PDT)

> So, what you should've done is:
> 
> 	run "tcpdump -s 65535 -w /tmp/tcpdump.file" on the first machine
> 	and "snoop -o /tmp/snoop.file" on the second machine;
> 
> 	when you were done running tcpdump and snoop, copy both files
> 	onto some machine with Ethereal (including mergecap) on it, and
> 	run "mergecap -w merged.file tcpdump.file snoop.file";
> 
> 	run "ethereal -r merged.file" when "mergecap" completed.

Or, if the two machines capturing packets were doing so on the *same*
network - for example, to see which of the packets sent by one machine
were seen by the other machine - just run two separate instances of
Ethereal on the two capture files; merging two captures on the same
network would produce a bunch of duplicate packets, with no way of
telling which packets came from which capture.

If they were capturing on different networks, merging them might make
sense (although packets routed between the networks would still show up
twice).

References:
- Re: [Ethereal-users] Slow packet capture from file
  - From: Guy Harris

Prev by Date: RE: [Ethereal-users] No more suid?
Next by Date: [Ethereal-users] Ethereal and Madge-TR
Previous by thread: Re: [Ethereal-users] Slow packet capture from file
Next by thread: RE: [Ethereal-users] Slow packet capture from file
Index(es):
- Date
- Thread