Hi Juan –
I work in support and most of the time when SEs or customers take traces, they usually don't know how to really use tcpdump and what not, so the traces (or collector) doesn't really care and therefore I get stuck with huge traces.
I was hoping to use tethereal with the -R option and -w option to filter a file w/out launching the GUI and just peg (someone else's server) to chop the sucker down before I do open it up and take a look at it. I noticed that editcap and capinfos cannot open the file either, but I figured, if any of the programs that ship with WS wouldn't care for file sizes, it would've been capinfos, but it does care :)
Would a 64bit edition of WS (or built on that platform) help any?
Thanks,
Alex Lee
Riverbed Technology
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of juan.wortley@xxxxxxx
Sent: Friday, May 04, 2007 8:02 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] Wireshark and 2GB capture files
Hi Alex,
I never used CentOS, however independently of the OS it is recommended not to let the files grow too much, to keep them manageable. Otherwise it takes too much time to process them.
Using multiple files when doing the capture and limiting them to let's say 100MB (or less), you can handle that more easily.
In case you need to see all together, Wireshark can reassemble the files automatically, opening subsequent files together.
Br
Juan
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of ext Alex Lee
Sent: Friday, May 04, 2007 05:18 a.m.
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Wireshark and 2GB capture files
Hi –
I was just wondering if there was support for trace files larger than 2GB on x86 machines (CentOS 5) by any chance? And if so, how do you go about getting this to work?
2.6.18-8.1.3.el5
libpcap-devel-0.9.4-8.1
libpcap-0.9.4-8.1
wireshark-0.99.5
Sorry, I'm new, so I apologize if I didn't provide sufficient information.
Alex
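
An added example, not part of the original thread and not Wireshark code: one way to chop an oversized trace into bounded pieces before opening it, reading one record at a time so memory use does not depend on the file size. It assumes the classic libpcap file format (not pcapng); the names split_pcap, make_sample_pcap and MAX_RECORD are hypothetical.

```python
import struct

# Magic bytes -> struct byte order (microsecond and nanosecond variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
MAX_RECORD = 1 << 24  # sanity bound on one record's length (assumed value)

def split_pcap(src_path, out_prefix, max_bytes):
    """Stream src_path into out_prefix_NNNNN.pcap parts; return [(path, packets)]."""
    parts = []
    with open(src_path, "rb") as src:
        ghdr = src.read(24)                      # global header, copied to each part
        if len(ghdr) < 24 or ghdr[:4] not in MAGICS:
            raise ValueError("not a classic pcap file")
        endian = MAGICS[ghdr[:4]]
        out, written, count = None, 0, 0
        while True:
            rhdr = src.read(16)                  # ts_sec, ts_frac, incl_len, orig_len
            if len(rhdr) < 16:
                break                            # clean EOF or truncated header
            incl_len = struct.unpack(endian + "IIII", rhdr)[2]
            if incl_len > MAX_RECORD:
                raise ValueError("corrupt record length %d" % incl_len)
            data = src.read(incl_len)
            if len(data) < incl_len:
                break                            # capture cut off mid-packet: drop it
            if out is None or written + 16 + incl_len > max_bytes:
                if out is not None:
                    out.close()
                    parts.append((out.name, count))
                out = open("%s_%05d.pcap" % (out_prefix, len(parts)), "wb")
                out.write(ghdr)
                written, count = 24, 0
            out.write(rhdr + data)
            written += 16 + incl_len
            count += 1
        if out is not None:
            out.close()
            parts.append((out.name, count))
    return parts

def make_sample_pcap(path, n_packets, payload_len):
    """Constructed input for trying the splitter: dummy little-endian records."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i in range(n_packets):
            f.write(struct.pack("<IIII", i, 0, payload_len, payload_len))
            f.write(bytes([i % 256]) * payload_len)
```

A single packet larger than max_bytes is written to a part of its own rather than being dropped.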