Wireshark mailing list archives

Re: how to handle big files in wireshark


From: Rampage <atomikramp () email it>
Date: Sat, 10 Jul 2010 19:22:20 +0200

I've never used this for such big files,
but take a look at Xplico; it's a protocol dissector at the application 
layer level with a web GUI. It's pretty powerful, so I would take a look. 
It's also distributed in a preinstalled VirtualBox VM, so you can give 
it a try without bothering about the installation.

Francesco.

Ian Schorr wrote:
Yes, tshark generally requires much less memory, from not needing to
build the packet list (which comprises a very significant portion of
the Wireshark memory usage) and some of the structures not maintained
through multiple passes.  It's quite powerful, and I use it in many
cases specifically because of capture size.

-Ian

On Sat, Jul 10, 2010 at 10:36 AM, Bryan Hoyt | Brush Technology
<bryan () brush co nz> wrote:
  
Have you looked at tshark at all? ...
I don't know for sure, but I'd assume that it uses significantly less memory
than Wireshark, because I don't think it would try to load the whole file at
once.
    
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
  
