Wireshark mailing list archives

Re: Pcap Ideal Size for Analysis

From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Mon, 22 Aug 2011 15:18:05 +0200

Hi,

Have a look at editcap, part of the Wireshark package. It allows you tocut the thing in pieces.There's no hard a set rule what the optimum size of a capture is. Somecaptures are more memory intensive than others.Also, depending on what you're trying to find, you'll need shorter orlonger captures.


Have a good look at the command line tools.

Thanks,
Jaap

On Mon, 22 Aug 2011 16:31:49 +0700, Zaki Akhmad wrote:

Hi all,

Just got a pcap file sized 532 MB :|

I was wondering, how big is pcap ideal size to do some analysis? Just
when I opened this file, I need at least 5 minutes on my computer
(dual core, 3 GB memory) to open it.

Or maybe there are tips & tricks to capture and analyze big pcapfile?


Thanks!

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Pcap Ideal Size for Analysis Zaki Akhmad (Aug 22)
- Re: Pcap Ideal Size for Analysis Jaap Keuter (Aug 22)
- Re: Pcap Ideal Size for Analysis Frank Bulk (Aug 22)