From: Nick Slywczuk
Sent: Wednesday, July 18, 2001 10:36 AM
> I have a simple question. One of my clients needed me to do a weekend
> capture at their site. The capture is quite large, about 84.1 meg. When
I
> load it into ethereal either on my linux box or my win2k box it hangs it
or
> makes it really slow. I increased the virtual memory on both boxes(yes i
> know it is called something different on the linux box), but it is still
> causing me problems. Is there any way I can break the file int say 20 meg
> chunks to examine it? Or do I need to get more physical memory (the linux
> box has 128meg and the win2k box has 96meg). Any helpful input will be
> appreciated, any flames will be sent either to /dev/null, or the recycle
bin
> depending on where i am sitting at the time :)
You can use the editcap program to copy a subset of packets to
another file. You will want to use the -r option so the range you
enter is written to the output file not deleted from the output.
So the commands would look something like this -
editcap -r infile outfile1 1-10000
editcap -r infile outfile2 10001-20000
Good luck,
Jeff Foster
jfoste@xxxxxxxxxxxx
***
The information in this e-mail is confidential and intended solely for the
individual or entity to whom it is addressed. If you have received this
e-mail in error please notify the sender by return e-mail, delete this
e-mail, and refrain from any disclosure or action based on the information.
****
