Wireshark mailing list archives
Re: Wireshark and Big Sniffs
From: Phil Paradis <Phil.Paradis () unitedtote com>
Date: Tue, 20 Apr 2010 20:57:49 -0700
If you are looking for specific traffic (e.g. a particular host and/or port, etc.) you can use something like WinDump to filter the packets for each of the capture files, and then (if they are small enough) you could merge those together. You could also do it the other way around; use WinDump to filter the already merged file.

--
Phillip R. Paradis | Network Engineer | United Tote | 2724 River Green Circle | Louisville | KY | Phone: +1 (502) 509-7445

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Jaap Keuter
Sent: Tuesday, April 20, 2010 10:26 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Wireshark and Big Sniffs

Hi,

These are some options:

* Don't do the merge.
* Use Pilot (see Cace tech website http://www.cacetech.com/)
* Visit http://wiki.wireshark.org/KnownBugs/OutOfMemory

Thanks,
Jaap

On Tue, 20 Apr 2010 10:24:04 +0200, <A.Fendt () landkreis-guenzburg de> wrote:

Hello,

I've been capturing the whole traffic of my company. Every two hours I created a new file (ring buffer). Each file is 100 – 200 megabytes in size. Now I want to start an endpoint analysis. The first thing I did was merge the files into one large file (10 GB). If I now open the 10 GB capture file, my Wireshark crashes every time. What should I do now?

Greetings
Andreas Fendt
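The filter-then-merge order suggested in the reply above, as an added Python example that is not part of the original thread: each capture file is streamed record by record, only IPv4 packets to or from one host are kept, and the survivors are appended to a single output, so memory use stays flat regardless of capture size. A plain pcap parser stands in for the WinDump filter step; it assumes classic little-endian pcap files with Ethernet link type (not pcapng), and the function names are hypothetical.

```python
import socket
import struct

# Added example: helper names are hypothetical; assumes classic little-endian Ethernet pcap.
PCAP_MAGIC_LE = 0xA1B2C3D4   # microsecond-resolution pcap magic
LINKTYPE_ETHERNET = 1


def matches_host(frame, host):
    """True if an untagged Ethernet/IPv4 frame has `host` (4 bytes) as source or destination."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    return host in (frame[26:30], frame[30:34])


def filter_pcap(src, dst, host):
    """Copy matching records from binary stream src to dst; return the number kept."""
    header = src.read(24)
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", header)
    if magic != PCAP_MAGIC_LE or linktype != LINKTYPE_ETHERNET:
        raise ValueError("only little-endian Ethernet pcap is handled")
    kept = 0
    while True:
        rec = src.read(16)                      # ts_sec, ts_usec, incl_len, orig_len
        if len(rec) < 16:
            break                               # end of file
        incl_len = struct.unpack("<IIII", rec)[2]
        frame = src.read(incl_len)
        if len(frame) < incl_len:
            break                               # last record cut off mid-capture
        if matches_host(frame, host):
            dst.write(rec + frame)
            kept += 1
    return kept


def filter_and_merge(paths, out_path, host_ip):
    """Filter ring-buffer files (given in capture order) into one merged pcap."""
    host = socket.inet_aton(host_ip)
    total = 0
    with open(out_path, "wb") as dst:
        # Fresh global header; snaplen 262144 is assumed to cover the source files.
        dst.write(struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET))
        for path in paths:
            with open(path, "rb") as src:
                total += filter_pcap(src, dst, host)
    return total
```

Because the ring-buffer files are passed in capture order, the merged output stays in timestamp order without a separate sort.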