Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] Wireshark and 2GB capture files
From: "Tim Connolly XX \(PL/EUS\)" <tim.xx.connolly@xxxxxxxxxxxx>
Date: Fri, 4 May 2007 16:46:34 -0500
|
Realtime - meaning `tcpdump -r xxx.cap | mysql-insert.pl`
once... From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Tim Connolly XX (PL/EUS) Sent: Friday, May 04, 2007 4:35 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] Wireshark and 2GB capture files I think you would be better off realtime parsing this
and shoving it into a db. That would eliminate the 2GB limit and allow you to
run filtering and more advanced options (in Wireshark) from your favorite
desktop after a more selective query on the db. From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Alex Lee Sent: Friday, May 04, 2007 3:18 AM To: wireshark-users@xxxxxxxxxxxxx Subject: [Wireshark-users] Wireshark and 2GB capture files Hi – I was just wondering if there was
support for trace files larger than 2GB on x86 machines (CentOS 5) by any
chance? And if so, how do you go about getting this to
work? 2.6.18-8.1.3.el5 libpcap-devel-0.9.4-8.1 libpcap-0.9.4-8.1 wireshark-0.99.5 sorry, I’m new, so I apologize if I didn’t provide
sufficient information. Alex |
- References:
- [Wireshark-users] Wireshark and 2GB capture files
- From: Alex Lee
- Re: [Wireshark-users] Wireshark and 2GB capture files
- From: Tim Connolly XX \(PL/EUS\)
- [Wireshark-users] Wireshark and 2GB capture files
- Prev by Date: Re: [Wireshark-users] Wireshark and 2GB capture files
- Next by Date: Re: [Wireshark-users] Tshark and using display filters
- Previous by thread: Re: [Wireshark-users] Wireshark and 2GB capture files
- Next by thread: [Wireshark-users] Need help with display filtering for all packets on a subnet
- Index(es):