Wireshark-users: Re: [Wireshark-users] File size issue

From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 23 Aug 2006 09:56:48 +0000
wireshark is stateful   and does a lot of things that need a lot of memory.

for large captures   one thing that can consume too much memory are IP
reassembly in preferences  and TCP reassembly.

You can disable these two preferences and memory consumption will
decrease and larger files can be loaded.

You can also try to split the capture up into several smaller ones
using the editcap tool.

editcap -r BIGFILE.cap smallfile.cap 1000000-1250000

will extract the specified packet range from the big file into a smaller one.

you can use editcap in this way to cut the big capture into several
smaller ones that are easier to manage

On 8/23/06, jono <jono29@xxxxxxxxx> wrote:
Hi List....

***Please treat as urgent*****

I have a file that is 1.7Gb in size and wireshark appears not to want to
open this. The data that I really need to get at is approximately 1Gb in to
the file. Is there any way that this can be done. If so, I can be contacted
via messenger aas this is urgent and also am willing to disclose my DDI
number if some kind soul is willing to help.

Thanks in advance,

APD Comms