Ethereal-users: Re: [Ethereal-users] Using Ethereal for long tests

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 23 Oct 2001 13:42:55 -0700 (PDT)
> I am using the Ethereal on Windows 2000 SP1.
> I am using the latest version of Ethereal from www.voice2sniff.org  (V
> 0.8.15 Ethereal, 0.4 a6 libpcap).

That's an old version of WinPcap, probably 2.02 or so.  We can't support
Ethereal working with that version; try installing the latest version,
2.2.  This may not work with the voice2sniff.org version of Ethereal, in
which case you're out of luck.

> Please let me know the possible reasons of why Ethereal stops sniffing after
> some time.

Perhaps the capture file got too big (did it stop at 2GB, for example?).

Perhaps there's some problem with WinPcap or the driver.

Perhaps you're using Ethereal in "Update list of packets in real time"
mode, and it ran out of memory.

Try using Tethereal with the "-w" flag, and see if it runs for an entire
day.

If Tethereal does run for the entire day, then see if you can read the
entire capture file in with Ethereal; if not, perhaps Ethereal ran out
of memory.

If Tethereal doesn't run for the entire day, try using WinPcap (specify
"-s 65535", so that you capture all of the packet, not just the first 68
or so bytes) with the "-w" flag, and see if *it* runs for an entire day.

If not, it's some Ethereal/Tethereal problem.

If so, then it's probably a WinPcap or driver problem, or the file just
got too big.