Wireshark · Wireshark-users: Re: [Wireshark-users] Reading from a large trace file

Wireshark-users: Re: [Wireshark-users] Reading from a large trace file

From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>

Date: Sun, 13 Apr 2008 07:32:39 -0700

You can split the file using the command line editcap.

First run “capinfos” command line to determine how many frames are in the trace file, then use editcap to split into manageable size chunks.

-Barry

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Kamran Shafi
Sent: Saturday, April 12, 2008 9:09 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Reading from a large trace file

Hello folks,

I have recently joined the list so apologies it the question has already been asked.

I am trying to read a large trace file (around 3 GB) stored with tcpdump -w flag to get the protocol statistics from Wireshark. I am on Windows XP Pro with 1 GB RAM. The Wireshark complains about the memory and crashes when trying to read this file. I guess it is trying to store everything in the memory before giving any stats. Is there a way to make Wireshark read without storing the packets but giving details about the trace at the end.

--
Regards
Kam

Follow-Ups:
- Re: [Wireshark-users] Reading from a large trace file
  - From: Kamran Shafi

References:
- [Wireshark-users] Reading from a large trace file
  - From: Kamran Shafi

Prev by Date: Re: [Wireshark-users] Same SEQ number but different ACKs
Next by Date: Re: [Wireshark-users] Installing Wireshark on OS X = clear as mud
Previous by thread: [Wireshark-users] Reading from a large trace file
Next by thread: Re: [Wireshark-users] Reading from a large trace file
Index(es):
- Date
- Thread