Re: how to handle big files in wireshark

[Maverick <myeaddress () gmail com>]

Thanks for the response , If I break files down into many pcap files is
there any way that I can have access to all those broken files. Like if I
select follow stream option would it be possible to get streams that are in
the other broken files.

Thanks
MK

On Fri, Jul 9, 2010 at 3:57 PM, Guy Harris <guy () alum mit edu> wrote:

> On Jul 9, 2010, at 12:46 PM, Maverick wrote:
>
> > I have huge pcap files in Gbs which I want to analyze using wireshark but
> wireshark is extremely slow and crashes while opening those files. I tried
> breaking those files into smaller files but thats not very good solution as
> I have to open up each file and sometime relationship between files gets
> lost.
> > Is there a decent way to handle huge files in wireshark .
>
> For now, the only way is "use a 64-bit version of Wireshark, make sure you
> have enough disk space/swap space to back up a large virtual address space,
> and live with the slowness".
>
> There may be changes in the future to reduce the memory requirements, but
> they're not trivial to make.
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe