Ethereal-users: [Ethereal-users] Dealing with whomps of capture data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "David Kuder" <david.kuder@xxxxxxxxxx>
Date: Mon, 27 Aug 2001 13:33:22 -0700

We have a sporadic, impossible to reproduce, but very annoying
network problem.  In trying to capture the beast, we have set up
a capture box that uses tcpdump to gather data.  Every fifteen
minutes the tcpdump is killed and restarted on a fresh file.  After
about 4 hours the files are deleted as we run out of disk space.

Since we rely on user reports of the problem that come in after
the fact, we have to go back through the older captures to look
for the problem.

The typical 15 minute capture file is 400MB uncompressed.  Loading
that into ethereal on a Linux PC produces a lot of thrashing and
eventually a core dump.  Filtering the capture file can help when
we have enough information to pin it down.  But even a tethereal
filter has core dumped on me.

Does anyone have a clue for the clueless in dealing with this sort
of situation?  Maybe I need a different tool.  It is entirely
possible that I have overlooked some function of ethereal that
would help.