Your not going to be able to load 80GB
into memory. You need to slim things down and split the data up.
Step 1: Use tshark the command line equiv
to Wireshark to capture to files. Use the –b duration option
to so the tshark moves onto another capture file every X seconds or when the
file reaches a certain size. This allows you to process the data in
chunks. Also depending on what you are interested in use the –s option
to limit the size of the information captured. Ie. If you only want the
packet headers use the min which I think is 64.
Example:
tshark -i 1 -b duration:60 -s 64 -f 'not
broadcast and not multicast and not icmp' -n -w C:\temp\my_capture_file_prefix
Step 2: Now you can use Wireshark or tshark
to display the capture files.
More information here: http://wiki.wireshark.org/KnownBugs
Chris
-----Original
Message-----
From:
wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Attila Peter
Sent: 15 July 2009 13:30
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Large
capturing - memory problem
Hi Everyone!
I am capturing a large network traffic on my network. The capturing process
should work for 8 hours on a gigabit interface, the network flow is beetween 6
kb/s - 1Gb/s, sum 80 Gb traffic.
Wireshark always crashes with an "OutOfMemory" error, I have already
enabled the /3G switch, but it haven't solved my problem.
Does anbody have an idea? :)
Thank you,
Attila
