Hello, not sure if this is the place for mergecap
questions –
When I run mergecap sometimes I receive the
error:
mergecap: Error reading probex_66159_20091014100306.pcap:
Less data was read than was expected
I run 500 file 50MB ring buffers on a dumpcap probe, and do a batch
copy at midnight to another file server of the whole ring, so I am suspecting
that this particular file was copied while the dumpcap probe was writing to the
file?
Is there a way around this? I can simply delete the file and merge the
rest – but then that means I have to wake up in the middle of the night
to babysit the process.
Also, is there a way to run mergecap in more
than one thread? I run it on a Win2k8-64 server and it shows 1 thread @ 25% CPU
and was wondering if there is a way to make utilize more.
-------------------------------------