Re: how to handle big files in wireshark

[Andrew Hood <ajhood () fl net au>]

Guy Harris wrote:
> On Jul 9, 2010, at 12:46 PM, Maverick wrote:
>
>
> > I have huge pcap files in Gbs which I want to analyze using wireshark but wireshark is extremely slow and crashes 
> > while opening those files. I tried breaking those files into smaller files but thats not very good solution as I have 
> > to open up each file and sometime relationship between files gets lost.
> >
> > Is there a decent way to handle huge files in wireshark .
>
>
> For now, the only way is "use a 64-bit version of Wireshark, make sure you have enough disk space/swap space to back 
> up a large virtual address space, and live with the slowness".

Except the 64 bit versions don't decode SNMP, unless someone has come up
with a 64 bit version of libsmi and changed the build recently.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe