Ethereal-users: RE: [Ethereal-users] Slow packet capture from file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chris Robertson <Chris.Robertson@xxxxxxxxxxx>
Date: Wed, 24 Oct 2001 10:58:24 -0700
They are on separate networks (it's amazing how much traffic an rlogin
session generates...), I'm trying to pin down some really weird network wide
"flaky-ness".  Last time this happened someone had fired up routed on their
workstation and was confusing the hell out of some layer 3 switches, on a
completely different network.  :(

So my hope is to run captures on all the various networks and then merge
them back into one to see if I can find RIP, CDP, etc floating around
mucking things up and Ethereal is a heck of a lot nicer for that than cat |
grep.  ;)

Thanks,
Chris

> -----Original Message-----
> From: Guy Harris [mailto:guy@xxxxxxxxxx]
> Sent: Wednesday, October 24, 2001 10:50 AM
> To: Guy Harris
> Cc: Chris Robertson; ethereal-users@xxxxxxxxxxxx
> Subject: Re: [Ethereal-users] Slow packet capture from file
> 
> 
> > So, what you should've done is:
> > 
> > 	run "tcpdump -s 65535 -w /tmp/tcpdump.file" on the first machine
> > 	and "snoop -o /tmp/snoop.file" on the second machine;
> > 
> > 	when you were done running tcpdump and snoop, copy both files
> > 	onto some machine with Ethereal (including mergecap) on it, and
> > 	run "mergecap -w merged.file tcpdump.file snoop.file";
> > 
> > 	run "ethereal -r merged.file" when "mergecap" completed.
> 
> Or, if the two machines capturing packets were doing so on the *same*
> network - for example, to see which of the packets sent by one machine
> were seen by the other machine - just run two separate instances of
> Ethereal on the two capture files; merging two captures on the same
> network would produce a bunch of duplicate packets, with no way of
> telling which packets came from which capture.
> 
> If they were capturing on different networks, merging them might make
> sense (although packets routed between the networks would still show up
> twice).
> 
>
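
Added example, not part of the original messages and not mergecap's code: a timestamp-ordered merge of two capture files that keeps a label for the capture each packet came from and marks frames already seen byte-for-byte in another capture, which is the information a plain merge loses. It reads only the classic pcap format (not snoop); the labels "net-a"/"net-b" and the sample frames are constructed for illustration.

```python
import heapq
import struct

def make_pcap(packets):
    """Build a classic little-endian pcap file from (sec, usec, frame) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def read_pcap(data, label):
    """Yield ((sec, usec), label, frame) per record; handles either byte order."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError(f"{label}: not a classic pcap file")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    offset = 24  # skip the global header
    while offset + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record, e.g. file copied while still being written
        offset += 16 + incl_len
        yield (sec, usec), label, frame

def merge_labelled(captures):
    """Merge {label: pcap_bytes} by timestamp, keeping the source label and
    noting when an identical frame was already seen in another capture."""
    streams = [read_pcap(data, label) for label, data in captures.items()]
    first_seen = {}
    merged = []
    for ts, label, frame in heapq.merge(*streams, key=lambda rec: rec[0]):
        origin = first_seen.setdefault(frame, label)
        merged.append((ts, label, frame, origin if origin != label else None))
    return merged

# Constructed sample frames (not real traffic): Ethernet header + placeholder payload.
ETH = bytes.fromhex("ffffffffffff" "020000000001" "0800")
RIP, CDP, ARP = ETH + b"rip-response", ETH + b"cdp-hello", ETH + b"arp-request"
SAMPLE = {
    "net-a": make_pcap([(100, 100, RIP), (100, 500000, ARP)]),
    "net-b": make_pcap([(100, 250, RIP), (100, 200000, CDP)]),
}

if __name__ == "__main__":
    for (sec, usec), label, frame, dup_of in merge_labelled(SAMPLE):
        note = f"  duplicate of frame first seen on {dup_of}" if dup_of else ""
        print(f"{sec}.{usec:06d} {label} {frame[14:].decode()}{note}")
```

The ordering is only as good as the clocks on the capturing machines, and the byte-for-byte comparison will not match a packet that was routed between networks, since the router rewrites the Ethernet header and decrements the TTL.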