Wireshark · Ethereal-users: Re: [Ethereal-users] Reading in a 1.2GB capture file

Ethereal-users: Re: [Ethereal-users] Reading in a 1.2GB capture file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Lorand JAKAB <jlori@xxxxx>

Date: Mon, 12 Apr 2004 16:36:38 +0200

On Mon, 2004-04-12 at 16:25, Michael Herchel wrote:
> Hi,
> 	When I attempt to read in a 1.2 GB libpcap capture file, my
> computer bogs down while loading the file. Eventually it generates a
> message indicating it ran out of virtual memory.
> 	I need a way to either load this file, so I can search and
> browse it, or I need a way to generate an ascii text file from this
> capture file (I realize this would be a very large file).
> 	Any help would be greatly appreciated!!

You can use tethereal (part of the ethereal package) to tranform a
binary capture file to a text file like this:

tethereal -r binary_file > text_file

But this will only show you the highest decoded level's information,
what would be shown in an ethereal window for each packet in the packet
list. If you need all the information (which will produce a huge file)
you can try to set the output to a tree format or PDML (which is
actually XML). The former is done like this:

tethereal -r binary_file -V > text_file

and the latter:

tethereal -r binary_file -T pdml > text_file

Hope this helps. Regards,
Lori

References:
- [Ethereal-users] Reading in a 1.2GB capture file
  - From: Michael Herchel

Prev by Date: [Ethereal-users] Reading in a 1.2GB capture file
Next by Date: Re: [Ethereal-users] Reading in a 1.2GB capture file
Previous by thread: [Ethereal-users] Reading in a 1.2GB capture file
Next by thread: Re: [Ethereal-users] Reading in a 1.2GB capture file
Index(es):
- Date
- Thread