Ethereal-users: RE: [Ethereal-users] Using Ethereal for long tests

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Vipin Palawat" <vpalawat@xxxxxxxxx>
Date: Tue, 23 Oct 2001 16:33:23 -0400

Hi Harris,

Thanks for your response.

I am using Ethereal on Windows 2000 SP1.
I am using the latest version of Ethereal from www.voice2sniff.org
(V 0.8.15 Ethereal, 0.4 a6 libpcap).

Please let me know the possible reasons why Ethereal stops sniffing after
some time.

Vipin

-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxx]
Sent: 23 October 2001 15:44
To: Vipin Palawat
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Using Ethereal for long tests


> 1) What are the recommended settings if I want to use Ethereal for a day
>    long test.
>    It seems to work ok for some time and then stops Sniffing. I guess this
>    has something to do with configuration or filters. I can see a large
>    number of packets sniffed before it stops sniffing.

It could have something to do with a lot of different things.  It could
be a problem with, say, the networking code in your OS (including, if
it's Windows, the WinPcap code; what version of what OS are you using,
and what version of libpcap/WinPcap are you using?), or with Ethereal,
or....

> 2) How can I specify the max. size of files and max. no. of files so that
>    my machine doesn't run out of disk space.

You can't.  Ethereal currently doesn't support that.

> 3) I am trying to capture a corrupted message. Can I write some kind of
>    filter which will *only* capture the error messages or corrupted
>    message ??

That would depend on the form of the error message or corrupted message.
The syntax of capture filters is documented in the libpcap/WinPcap man
page; see whether it's sufficiently powerful to allow you to construct
an expression that matches only the message in question (which it may
well not be - for example, it's incapable of doing any processing that
involves a loop).