Ethereal-users: RE: [Ethereal-users] Ethereal 64 bit

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Francisco Alcoba (TS/EEM)" <francisco.alcoba@xxxxxxxxxxxx>
Date: Mon, 25 Apr 2005 15:12:21 +0200

The first thing to ask is why it is taking so long. Are they very large files?
Have you tried deactivating name resolution, which has some problems of
sluggish response in specific situations?

Depending on what you need, you could merge the files into a large one that
might take very long to open, but only once, or use tethereal instead of
ethereal, which can be automated in a script. You might also want to filter
them down to smaller files; it really depends on what you will need the data for.

As for tcpdump/windump, you just use them from the command line to capture data
to a file. The good part is that it does not, if used with the proper arguments,
analyze the packets, and it stores no information from them, so it potentially has
fewer problems being used continuously. The default file formats are compatible (libpcap).

Regards,

  Francisco


> Hi,
>
> Thanks for your help. How can I use tcpdump/windump??? And will I be
> able to open the results using Ethereal after? Because my problem right
> now is the following. I gathered packets all weekend (3 days) using
> multiple files (created every hour). So in the end, I had like 50 files
> to analyze. The thing is that when I open a file using Ethereal, it
> takes about 2 minutes to open. Imagine I want to analyze them together,
> I would need to open 50 files 1 by 1, which wouldn't make any sense. Is
> there a solution to this?
> Thanks.
> 
> 
> -----Original Message-----
> From: ethereal-users-bounces@xxxxxxxxxxxx
> [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Francisco
> Alcoba (TS/EEM)
> Sent: Friday, April 22, 2005 2:07 AM
> To: Ethereal user support
> Subject: RE: [Ethereal-users] Ethereal 64 bit
> 
> 
> Hi,
> 
> > I have 4 PCs running one application on each PC and let Ethereal
> > collect packets. After a period of time (about 2 hours), Ethereal does
> > not respond anymore and I need to kill the process in task manager.
> > Thus I can't get the results (packets captured). Does anyone have an
> > idea of what to do in this case?
> 
> Generally speaking, if you want to capture continuously and then process
> the files in any way, ethereal is probably not the best tool to use. You
> can use tcpdump/windump, which are much lighter, to collect the
> information, and afterwards use ethereal/tethereal to analyze it. That, of
> course, unless you need to watch the results in realtime, which is what
> ethereal is really good at. And, as has already been said, it makes it
> easier to use multiple files. If you later need to analyze them together
> (e.g. because there are inter-file dependencies) you can always merge them.
> 
> Regards,
>  Francisco
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
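
The merge suggested in this thread, worked through at the libpcap file-format level as an added example (not part of the original messages and not Ethereal's own code). The function names are illustrative, and only the classic microsecond-resolution libpcap format is assumed; a file cut off mid-record, as happens when the capturing process is killed, keeps its complete packets.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps


def read_pcap(data):
    """Parse a libpcap blob into (linktype, [(sec, usec, orig_len, payload)])."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    for endian in ("<", ">"):  # the writer's byte order is revealed by the magic
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    records, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack(endian + "4I", data[off:off + 16])
        payload = data[off + 16:off + 16 + incl]
        if len(payload) < incl:
            break  # file cut off mid-record (capture killed): keep complete packets
        records.append((sec, usec, orig, payload))
        off += 16 + incl
    return linktype, records


def write_pcap(linktype, records, snaplen=65535):
    """Serialize records as a little-endian libpcap 2.4 file."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)]
    for sec, usec, orig, payload in records:
        out.append(struct.pack("<4I", sec, usec, len(payload), orig) + payload)
    return b"".join(out)


def merge_pcaps(blobs):
    """Merge several capture files into one, ordered by packet timestamp."""
    parsed = [read_pcap(b) for b in blobs]
    linktypes = {lt for lt, _ in parsed}
    if len(linktypes) != 1:
        raise ValueError("mixed link types cannot share one libpcap file")
    packets = [rec for _, recs in parsed for rec in recs]
    packets.sort(key=lambda r: (r[0], r[1]))  # stable: ties keep file order
    return write_pcap(linktypes.pop(), packets)


if __name__ == "__main__":
    # Constructed sample: two tiny "hourly" files with interleaved timestamps.
    hour1 = write_pcap(1, [(1000, 0, 4, b"aaaa"), (1000, 900, 4, b"cccc")])
    hour2 = write_pcap(1, [(1000, 500, 4, b"bbbb")])
    print([p[3] for p in read_pcap(merge_pcaps([hour1, hour2]))[1]])
```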