Wireshark-users: Re: [Wireshark-users] Maximum file size?

From: "Joel Seidman" <joel2009@xxxxxxxxxxx>
Date: Tue, 27 Oct 2009 21:40:35 -0700
Hi, Jaap.

Thank you for the referral to CACE. I downloaded their demo version
today, and we are very impressed by it! It looks extremely helpful
(although we didn't budget for it!). I haven't yet tested it with any
humongous files, but I'm hopeful.

-- Joel

On Tue, 27 Oct 2009 11:43 +0100, "Jaap Keuter" <jaap.keuter@xxxxxxxxx>
wrote:
> Hi,
> 
> Like Anders says, there are multiple factors, of which #2 is usually the
> most common cause of hitting the memory barrier.
> 
> > The purpose is to use
> > Wireshark's analytical capabilities to process a very large set of data
> in
> > toto.)
> 
> CACE Technologies [1] understood this requirement and created Pilot for
> that. 
> Have a look at "Enhance Wireshark" on the Wireshark website.
> 
> Thanx,
> Jaap
> 
> [1] CACE Technologies is the host for open source Wireshark and
> commercial
> advanced capture tools.
> 
> 
> On Tue, 27 Oct 2009 08:25:08 +0100, "Anders Broman"
> <anders.broman@xxxxxxxxxxxx> wrote:
> > Hi,
> > There is separate issues here:
> > 1) The largest file pointer possible to use e.g. physical file size.
> > 2) The amount of memory used by Wireshark when analyzing a file/trace.
> > 
> > 2 depends on the protocols in the trace and on preference settings in
> > Wireshark, reassembly
> > Uses memory conversation tracking does to etc.
> > 
> > A lot of work has been put into the trunk version of Wireshark to try to
> > reduce the amount of memory used,
> > fix memory leaks etc and also to speed up loading of the file.
> Development
> > snapshot 1.3.1 is due to be released soon or you could try a development
> > build.
> > 
> > Note that with large files filtering and other operations may becom slow
> > so you want to keep your files as small as possible.
> > 
> > Regards
> > Anders
> > 
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx
> > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Joel Seidman
> > Sent: den 27 oktober 2009 06:21
> > To: wireshark-users@xxxxxxxxxxxxx
> > Subject: [Wireshark-users] Maximum file size?
> > 
> > Hi All.
> > 
> > I want to know the maximum capture file size (if there is one) that can
> be
> > loaded into 64-bit wireshark. I can't seem to find a definitive answer. 
> > 
> > I recently installed V 1.2.2 (SVN Rev. 29910) on a Vista computer (with
> a
> > substantial amount of RAM). I selected the 64-bit version when I
> downloaded
> > it. I believe the required Service Pack was installed also (need to
> > confirm).
> > 
> > I eventually expect to have a capture file of several hundred MB or
> more.
> > I haven't actually had a problem loading a large file in 64-bit wire
> shark
> > (did with 32-bit version), but I did an experiment that may be related.
>  I
> > have a capture file of 143 Meg. I loaded it, which went OK. Then I
> > attempted to load it again in concatenation mode, and got an error box:
> > "This application has requested the Runtime to terminate in an unusual
> way.
> > Please contact the application support team for more information...".
> > 
> > So my question is, basically, what's the max? And whatever the answer,
> is
> > it possible to increase it by re-building from source? Any other
> > suggestions?
> > 
> > (I have read suggestions to break a large file up into smaller pieces,
> but
> > I'd like to avoid that step if it's possible. The purpose is to use
> > Wireshark's analytical capabilities to process a very large set of data
> in
> > toto.)
> > 
> > TIA.
> > 
> > -- Joel
> > 
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
-- 
  Joel Seidman
  joel2009@xxxxxxxxxxx

-- 
http://www.fastmail.fm - A no graphics, no pop-ups email service