On Sep 17, 2003, at 10:08 AM, Laryn Bakker wrote:
> Good afternoon! I'm new to Ethereal (and to Xterm, etc), but I've
> managed--with great help from Guy Harris--to get Ethereal running on
> my Mac OS X machine. I've been researching the documentation and have
> figured out how to filter the capture on ports to capture only pop3,
> smtp, imap, and http, but the files are still enormous. They do
> provide very useful info, though. One other task I wonder if Ethereal
> can do, is to become a bandwidth tracker--is there any way to instruct
> the program to just keep track of how much gets put through each port?

Not really - it's primarily designed to capture traffic and analyze it
in detail.
You might want to look at ntop:
http://www.ntop.org/ntop.html

> Also, the program seems to crash on me semi-regularly. Two messages
> from Xterm are below:
>
> Gdk-WARNING **: locale not supported by C library
> *** malloc: vm_allocate(size=131072) failed with 4294966995
> *** malloc[18035]: error: Can't allocate region
> mach_port_type() failed (ipc/mig) wrong reply message ID
> task_get_bootstrap_port() failed (ipc/mig) wrong reply message ID
> Abort
>
> [srv13:/sw/bin] root# ethereal
> Gdk-WARNING **: locale not supported by C library
> *** malloc: vm_allocate(size=131072) failed with 4294966995
> *** malloc[18418]: error: Can't allocate region
> mach_port_type() failed (ipc/rcv) msg too large
> task_get_bootstrap_port() failed (ipc/mig) wrong reply message ID
> Abort
>
> Has anyone seen this message before,

Yes - I've seen it when capturing traffic. The odd thing is that if I
make Ethereal read the capture file it left behind, it doesn't happen.
I'll have to try setting the core size in my Terminal windows so that
it creates a core dump file and, if I get one, do some post-mortem
analysis. (I'll also have to try looking at the OS X source to see why
it emits all those Mach complaints when it happens.)