Wireshark mailing list archives

Re: Wireshark and Big Sniffs


From: Phil Paradis <Phil.Paradis () unitedtote com>
Date: Tue, 20 Apr 2010 20:57:49 -0700

If you are looking for specific traffic (e.g. a particular host and/or port, etc.) you can use something like WinDump to 
filter the packets for each of the capture files, and then (if they are small enough) you could merge those together. 
You could also do it the other way around; use WinDump to filter the already merged file.

--
Phillip R. Paradis | Network Engineer | United Tote | 2724 River Green Circle | Louisville | KY | Phone: +1 (502) 
509-7445

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Jaap Keuter
Sent: Tuesday, April 20, 2010 10:26 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Wireshark and Big Sniffs


Hi,

These are some options:

 *   Don't do the merge.
 *   Use Pilot (see the CACE Tech website http://www.cacetech.com/)
 *   Visit http://wiki.wireshark.org/KnownBugs/OutOfMemory

Thanks,

Jaap



On Tue, 20 Apr 2010 10:24:04 +0200, <A.Fendt () landkreis-guenzburg de> wrote:
Hello,

I’ve been capturing the whole traffic of my company. Every two hours I created a new file (ring buffer). Each file has 
the size of 100 – 200 megabytes. Now I want to start an endpoint analysis. The first thing I did was to merge the files 
into one large file (10 GB).

If I now open the 10 GB capture file, my Wireshark crashes every time. What should I do now?

Greetings
Andreas Fendt
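
Added example, not part of the original thread: a pure-Python stand-in for the filter-then-merge approach Phil Paradis describes above (he suggests WinDump for the filtering step). It streams each capture one record at a time, keeps only packets to or from one host, and writes the survivors to a single file in timestamp order, so the full capture set is never held in memory. Assumptions: classic little-endian microsecond pcap files, untagged Ethernet/IPv4 frames, each input file already time-ordered; all function names and sample addresses are made up for illustration.

```python
import heapq, io, socket, struct

PCAP_HDR = struct.Struct("<IHHiIII")   # classic little-endian pcap global header
REC_HDR = struct.Struct("<IIII")       # ts_sec, ts_usec, incl_len, orig_len

def read_packets(stream):
    """Yield (ts_sec, ts_usec, orig_len, frame) one record at a time."""
    magic, *_rest, linktype = PCAP_HDR.unpack(stream.read(PCAP_HDR.size))
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian microsecond pcap with Ethernet link type")
    while len(hdr := stream.read(REC_HDR.size)) == REC_HDR.size:
        sec, usec, incl, orig = REC_HDR.unpack(hdr)
        yield sec, usec, orig, stream.read(incl)

def matches_host(frame, ip):
    """True for an untagged IPv4 frame whose source or destination is ip."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    return ip in (frame[26:30], frame[30:34])

def filter_and_merge(streams, host, out):
    """Keep only host's packets from each capture; write them to out in time order."""
    ip = socket.inet_aton(host)
    kept = [(p for p in read_packets(s) if matches_host(p[3], ip)) for s in streams]
    out.write(PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    count = 0
    # heapq.merge is lazy: it holds one pending packet per input file.
    for sec, usec, orig, frame in heapq.merge(*kept, key=lambda p: p[:2]):
        out.write(REC_HDR.pack(sec, usec, len(frame), orig) + frame)
        count += 1
    return count

def sample_capture(packets):
    """Constructed input: an in-memory pcap built from (ts_sec, src, dst) tuples."""
    buf = io.BytesIO()
    buf.write(PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for sec, src, dst in packets:
        ip_hdr = b"\x45" + bytes(11) + socket.inet_aton(src) + socket.inet_aton(dst)
        frame = bytes(12) + b"\x08\x00" + ip_hdr   # zeroed MACs, minimal IPv4 header
        buf.write(REC_HDR.pack(sec, 0, len(frame), len(frame)) + frame)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    ring = [sample_capture([(20, "10.0.0.5", "10.0.0.9"), (30, "10.0.0.7", "10.0.0.8")]),
            sample_capture([(10, "10.0.0.9", "10.0.0.5")])]
    merged = io.BytesIO()
    print(filter_and_merge(ring, "10.0.0.5", merged), "packets kept")
```

With real ring-buffer files, pass file objects opened in binary mode instead of the in-memory samples.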


