Re: how to handle big files in wireshark

[Guy Harris <guy () alum mit edu>]

On Jul 9, 2010, at 12:46 PM, Maverick wrote:

> I have huge pcap files in Gbs which I want to analyze using wireshark but wireshark is extremely slow and crashes 
> while opening those files. I tried breaking those files into smaller files but thats not very good solution as I have 
> to open up each file and sometime relationship between files gets lost.
>
> Is there a decent way to handle huge files in wireshark .

For now, the only way is "use a 64-bit version of Wireshark, make sure you have enough disk space/swap space to back up 
a large virtual address space, and live with the slowness".

There may be changes in the future to reduce the memory requirements, but they're not trivial to make.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe