Ethereal-users: RE: [Ethereal-users] Large Capture File Analysis

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Joao Rosa" <joao-p-rosa@xxxxxxxxxx>
Date: Thu, 6 Jul 2006 09:59:59 +0100
Dear Sirs

I am doing a work that works with very large files. I work in Telecommunication Company, which have a softswitch that control 26 Media Gateway. I have to catch all MGCP about 600 MB day and process the data. After some day de file will have a size near yours. The best thing to solve the problem (in my opinion) is make a kind of schedule which send several process to catch de data in several files, it is easy to do a C program, that is read the size of file and when the file arrive to (600 MB is a good size because tethereal , edicap and canpinfos work well with files with this size) send another windump process  for another file. In this way you do not lose information. I am using these methods to sniff continually the (VOIP backbone in my Company). I think is the best think to do because (in my experience) program that alloc memory dynamically like ethereal , tethereal and so on, are written in the compiler and in operating system that  have very difficulties , when the program ask a great quantity of memory.



With kinds regards
João Pereira Rosa

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of gnanda@xxxxxxxxxxx
Sent: quinta-feira, 6 de Julho de 2006 5:00
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Large Capture File Analysis

Hello list members,

I have a large Ethereal capture file (12 GB) of VoIP data. Since the 
problem is intermittent, we had to let the capture run for around a 
week - otherwise I could've used a capture filter.

I'm trying to use editcap to break down the capture file into small 
chunks. The problem is that I don't know how many frames are in the 
capture file, which I need to know to break down the file using 
editcap. I use capinfos and it seems to sit there for more than 1/2 hr. 
I didn't wait for longer than 1/2 hour but I could if I have to.

Just wondering if anyone has experienced the same problem. Help would 
be appreciated as I really would like to analyze the capture data :-)

Cheers!

G. Nanda
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users