> I really need to be able to open these large
> files in ethereal...any help would be appreciated.
Well, one possibility is
http://www.compaq.com/alphaserver/workstations/
as FreeBSD 4.1 should run on those as well....
Unfortunately, as Ethereal uses GTK's current CList widget (with some
minor modifications) for displaying packets, it has to allocate memory
for the strings for every single display column for every single packet
- which is rather a lot of memory. (I have a CList that I've hacked up
to display the lists by calling a function, and an Ethereal that
arranges that said CList call back to the dissector to generate the
columns on the fly, but it's *NOT* in shape to give out yet.)
I could imagine that it really *would* consume all that memory; what
does the C shell "limit" command report for "datasize"? If it's 500MB or
so, you may just be bumping up against that limit - try raising it (I
don't know what the hard limit is; if that's the hard limit, you may
have to be root to raise the hard limit and then raise the soft limit).
Another possibility might be to use "tcpslice" to carve the file into
pieces - it lets you extract packets from a file in a particular time
range - or use "editcap", which comes with Ethereal, to do that - it
supports ranges of packet numbers in the "record#" argument, with a
start number, a hyphen, and an end number.