Daniel Goolsby wrote:
I sifted through some of the archives but couldn't find anything whether
this was going to be fixed. I started capturing all port 80 traffic..
every hour i send that tcpdump to another machine, so at the end of the
day i wanted to merge all the traffic together in one nasty port 80
tcpdump file.
regardless, mergecap stops at 2g. I made sure and compiled merge on a
Sparc Sun box, i also recompiled zlib to make sure it was at least
compiled on a 64bit machine- no telling if it had any real effect.
regardless, it still stops after the 2 gig limit has been reached on the
new dump file i'm trying to create. Are there any other tools that can
merge tcpdump files that anyone knows of that doesn't have this limit?
I could probably 'tcpreplay' the individual files on an interface that
isn't being used, and tcpdump that one, but that's the only workaround
i've thought up so far.
Any suggestions/comments?
One other thought is: what will you do with a capture file > 2 Gb big?
Are you aware that Wireshark needs a lot of memory to open large capture
files:
http://wiki.wireshark.org/KnownBugs/OutOfMemory
?