Hi,
Ethereal capture with "update list in real time" combines the capture
action with dissection of the received packets. Since Ethereal has a lot
of intelligence build in to analyse all protocol details in the
scope of the complete capture Ethereals' memory consumption will grow over
time. How much is all depending on the protocols dissected and the
complexity of their interrelation.
Bottom line: Don't capture in one huge file. It's not manageble. Use the
multiple file option to split you capture.
Thanx,
Jaap
On Fri, 7 Apr 2006, Gaurav Batra wrote:
> Hi,
>
> I am using Ethereal with version 0.10.14. I ran Ethereal to capture packets
> with the interface ?VIA Rhine II Fast Ethernet Adapter
> : \Device\NPF_{588609BD-341C-482C-AC1C-E10E0545CC63}?. After capturing
> around 1,000,000 packets Ethereal crashed because of low Virtual memory. For
> this capture I used option "update list of packets in real time" and
> "multiple files option" to dump packets in hard disk after every 1 MB of
> capture.
>
> But When I do not use the option,"update list of packets in real time",
> Virtual memory used by ethereal is minimal and there is no problem while
> capturing for long period.
>
> Is there any way by which I could use options "update list of packets in
> real time" and capture for long period of time?
>
> Whats the approximate maximum number of packets (or duration) captured by
> ethereal with option "update list of packets in real time" ?
>
> Thanks in advance.
>
> Regards,
> Gaurav
>
>
> Regards,
> Gaurav
>
>