Wireshark · Wireshark-users: [Wireshark-users] Reading from a large trace file

Wireshark-users: [Wireshark-users] Reading from a large trace file

From: "Kamran Shafi" <kamran.shafi@xxxxxxxxx>

Date: Sun, 13 Apr 2008 11:09:13 +1000

Hello folks,

I have recently joined the list so apologies it the question has already been asked.

I am trying to read a large trace file (around 3 GB) stored with tcpdump -w flag to get the protocol statistics from Wireshark. I am on Windows XP Pro with 1 GB RAM. The Wireshark complains about the memory and crashes when trying to read this file. I guess it is trying to store everything in the memory before giving any stats. Is there a way to make Wireshark read without storing the packets but giving details about the trace at the end.

--
Regards
Kam

Follow-Ups:
- Re: [Wireshark-users] Reading from a large trace file
  - From: Barry Constantine

Prev by Date: Re: [Wireshark-users] Same SEQ number but different ACKs
Next by Date: [Wireshark-users] Installing Wireshark on OS X = clear as mud
Previous by thread: Re: [Wireshark-users] Same SEQ number but different ACKs
Next by thread: Re: [Wireshark-users] Reading from a large trace file
Index(es):
- Date
- Thread