Ethereal-users: Re: [Ethereal-users] Statistics of data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Tue, 14 Jan 2003 16:14:12 +0000
Hi Ilkka,

I'll defer tool recommendations to other people on the list, except to suggest
browsing through the links and tools at the Ethereal Links page
(http://www.ethereal.com/links.html).  

What I really wanted to ask, though, is if you'd considered simply breaking up
the 600MB file into smaller chunks with editcap.  I believe this will be a bit
of a pain - editcap allows you to split up files by "record number", so you
could start splitting up files like so:

editcap -r BigCapFile SmallCapFile1 1-20000
editcap -r BigCapFile SmallCapFile2 20001-40000
editcap -r BigCapFile SmallCapFile3 40001-60000
...

...until you find the end of your large capture file.  The downside here is that
this is a very manual process (though easily scripted), and it will be difficult
or impossible for you to guess how large each of your output files will be, how
many records to choose per SmallCapFile, etc.  You may need to do some
experimentation here to get the file size(s) you need.

If anyone on the list can recommend a better way of doing this with editcap,
BTW, I'd love to read about it.

In the future, too, if you're using Ethereal or tethereal to capture the data,
you might want to consider turning on the "ring buffer" feature, saving to
multiple files, and limiting the file size.  This would allow you to create
smaller, more manageable files right when you first capture.  

For example, going into Capture->Start in Ethereal, enabling "use ring buffer",
setting 10 files, and setting the capture file size ("Rotate capture file
every:" box) to 100000 kilobytes should allow you to capture 1 GB of data, but
have 10 separate 100MB files.

Ian
> Hi,
> 
> I have a 600MB file of data that Ethereal captured during one day.
> 
> Now, I would like to analyze this data, to print graphs of transferred bytes
> for each time unit (1s, 1minute, or some other interval).
> 
> The problem is that Ethereal itself is not capable of handling this big file, 
> due to memory constraints of my machine, and it even crashes in some point. 
> 
> What other software I could use to analyze this amount of data? In Windows or 
> Linux.
> 
> Thanks,
> Ilkka
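
Added example, not part of the original thread: the per-interval byte totals asked about in the quoted question can be computed by streaming the capture one record at a time, so memory use stays constant whatever the file size. It assumes the capture was saved in classic libpcap format with microsecond timestamps; the function names, the sample data and the MAX_RECORD limit are choices made for this example.

```python
import io
import struct
from collections import Counter

# Classic libpcap magic numbers (microsecond timestamps) -> struct byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
MAX_RECORD = 262144  # sanity limit chosen for this example, not from the thread


def bytes_per_interval(stream, interval=60):
    """Return {interval_start_epoch: bytes_on_wire}, reading one record at a time."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic libpcap capture file")
    record = struct.Struct(MAGICS[header[:4]] + "IIII")
    totals = Counter()
    while True:
        raw = stream.read(record.size)
        if len(raw) < record.size:  # end of file, or a cut-off record header
            break
        ts_sec, _ts_usec, incl_len, orig_len = record.unpack(raw)
        if incl_len > MAX_RECORD:  # never trust a length field from a file
            raise ValueError("implausible record length; file is corrupt")
        if len(stream.read(incl_len)) < incl_len:  # cut-off final packet
            break
        # orig_len is the size on the wire, even if the capture was snapped.
        totals[ts_sec - ts_sec % interval] += orig_len
    return dict(sorted(totals.items()))


def sample_capture():
    """Constructed test input: four Ethernet-type records across two minutes."""
    out = struct.pack("<4sHHiIII", b"\xd4\xc3\xb2\xa1", 2, 4, 0, 0, 65535, 1)
    for ts_sec, wire_len in [(1042560000, 60), (1042560030, 1514),
                             (1042560059, 100), (1042560061, 400)]:
        captured = min(wire_len, 96)  # as if captured with a 96-byte snaplen
        out += struct.pack("<IIII", ts_sec, 0, captured, wire_len)
        out += bytes(captured)
    return out


if __name__ == "__main__":
    # For a real file, pass open("capture.pcap", "rb") instead of the BytesIO.
    for start, total in bytes_per_interval(io.BytesIO(sample_capture())).items():
        print(start, total)
```

The output is one line per interval (start time in epoch seconds, bytes on the wire), which can be fed to any plotting tool.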