Ethereal-users: RE: [Ethereal-users] Ethereal 64 bit
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "GRANDILLO Massimo" <mgrandil@xxxxxxxxxxx>
Date: Wed, 27 Apr 2005 08:47:10 -0400
Ok... so can I use tcpdump/windump to gather packets, and then analyze them with Ethereal? Would that solve my problem?

What I want to do is gather packets over a long period of time, and be able to analyze the information afterwards. With Ethereal, the multiple files created were not only too big, but there were a lot of files created and I would need to merge them to analyze the info globally.

So my understanding is that I won't be able to analyze the packets with tcpdump, but it won't freeze up on me for continuous gathering of packets... but how can I analyze the packets??

Thanks again for your help.

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Francisco Alcoba (TS/EEM)
Sent: Monday, April 25, 2005 9:12 AM
To: 'Ethereal user support'
Subject: RE: [Ethereal-users] Ethereal 64 bit

The first thing to ask is why it is taking so long. Are they very large files? Have you tried to deactivate name resolution - which has some problems of sluggish response in specific situations -?

Depending on what you need, you could merge the files into a large one that might take very long to open, but only once, or use tethereal instead of ethereal, which can be automated in a script. You might also want to filter them down to smaller files; it really depends on what you will need the data for.

As for tcpdump/windump, you just use them from the command line to capture data towards a file. The good part is that it does not - if used with the proper arguments - analyze the packets, and it stores no information from them, so it has potentially fewer problems when used continuously. The default file formats are compatible - libpcap -.

Regards,
Francisco

> Hi,
>
> Thanks for your help. How can I use tcpdump/windump??? And will I be
> able to open the results using Ethereal after? Because my problem
> right now is the following. I gathered packets all weekend (3 days)
> using multiple files (created every hour). So in the end, I had
> like 50 files to analyze. The thing is that when I open a file using
> Ethereal, it takes about 2 minutes to open. Imagine I want to analyze
> them together, I would need to open 50 files 1 by 1, which wouldn't
> make any sense. Is there a solution to this?
> Thanks.
>
> -----Original Message-----
> From: ethereal-users-bounces@xxxxxxxxxxxx
> [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Francisco
> Alcoba (TS/EEM)
> Sent: Friday, April 22, 2005 2:07 AM
> To: Ethereal user support
> Subject: RE: [Ethereal-users] Ethereal 64 bit
>
> Hi,
>
> > I have 4 PCs running one application on each PC and let Ethereal
> > collect packets. After a period of time (about 2 hours), Ethereal does
> > not respond anymore and I need to kill the process in task manager.
> > Thus I can't get the results (packets captured). Does anyone have an
> > idea of what to do in this case?
>
> Generally speaking, if you want to capture continuously and then process
> the files in any way, ethereal is probably not the best tool to use. You
> can use tcpdump/windump, which are much lighter, to collect the
> information, and afterwards use ethereal/tethereal to analyze it. That,
> of course, unless you need to watch the results in realtime, which is
> what ethereal is really good at. And, as has already been said, it makes
> it easier to use multiple files. If you later need to analyze them
> together - e.g. because there are inter-file dependencies - you can
> always merge them.
>
> Regards,
> Francisco

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users