Wireshark-users: Re: [Wireshark-users] Wireshark and Big Sniffs

From: Phil Paradis <Phil.Paradis@xxxxxxxxxxxxxx>
Date: Tue, 20 Apr 2010 20:57:49 -0700

If you are looking for specific traffic (e.g. a particular host and/or port, etc.) you can use something like WinDump to filter the packets for each of the capture files, and then (if they are small enough) you could merge those together. You could also do it the other way around: use WinDump to filter the already merged file.

--

Phillip R. Paradis | Network Engineer | United Tote | 2724 River Green Circle | Louisville | KY | Phone: +1 (502) 509-7445

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
Sent: Tuesday, April 20, 2010 10:26 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Wireshark and Big Sniffs

Hi,

These are some options:

  • Don't do the merge.
  • Use Pilot (see the CACE Technologies website http://www.cacetech.com/)
  • Visit http://wiki.wireshark.org/KnownBugs/OutOfMemory

Thanks,

Jaap

On Tue, 20 Apr 2010 10:24:04 +0200, <A.Fendt@xxxxxxxxxxxxxxxxxxxxxx> wrote:

Hello,

I've been capturing the whole traffic of my company. Every two hours I created a new file (ring buffer). Each file has a size of 100 – 200 megabytes. Now I want to start an endpoint analysis. The first thing I did was to merge the files into one large file (10 GB).

If I now open the 10 GB capture file, my Wireshark crashes every time. What should I do now?

Greetings

Andreas Fendt
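The "filter each ring-buffer file first, then merge the small results" workflow that Phil suggests is what keeps the working set small enough for Wireshark: the filter step streams each capture and never holds more than one packet in memory, and the merge step only has to order the surviving packets by timestamp. The following is an added example written for this thread, not Wireshark, WinDump or mergecap code: a toy pure-Python pcap reader/writer, a `host H and port P` style frame filter over Ethernet/IPv4/TCP|UDP, and a streaming timestamp-ordered merge. The two ring-buffer files, the addresses and the frames it works on are constructed inline for the demo; the file names and the `demo()` helper are assumptions of this example.

```python
"""Stream-filter pcap files by host/port, then merge the filtered results in
timestamp order, without loading any capture fully into memory.
Added toy example for the 'filter, then merge' workflow (not Wireshark code)."""
import heapq
import ipaddress
import os
import struct
import tempfile

PCAP_GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, vmaj, vmin, tz, sigfigs, snaplen, linktype
PCAP_REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len
PCAP_MAGIC = 0xA1B2C3D4                      # little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1


def read_pcap(path):
    """Yield (ts_sec, ts_usec, frame) one record at a time: constant memory."""
    with open(path, "rb") as f:
        magic = PCAP_GLOBAL_HDR.unpack(f.read(PCAP_GLOBAL_HDR.size))[0]
        if magic != PCAP_MAGIC:
            raise ValueError(f"{path}: not a little-endian microsecond pcap")
        while True:
            rec = f.read(PCAP_REC_HDR.size)
            if len(rec) < PCAP_REC_HDR.size:
                return
            ts_sec, ts_usec, incl_len, _orig_len = PCAP_REC_HDR.unpack(rec)
            yield ts_sec, ts_usec, f.read(incl_len)


def write_pcap(path, records):
    """Write an iterable of (ts_sec, ts_usec, frame) records; return the count."""
    n = 0
    with open(path, "wb") as f:
        f.write(PCAP_GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for ts_sec, ts_usec, frame in records:
            f.write(PCAP_REC_HDR.pack(ts_sec, ts_usec, len(frame), len(frame)))
            f.write(frame)
            n += 1
    return n


def frame_matches(frame, host=None, port=None):
    """Minimal Ethernet/IPv4/TCP|UDP decode with the semantics of the BPF
    filter 'host H and port P' (either direction). Non-IPv4 never matches."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
    proto = frame[23]                            # IPv4 protocol field
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    if host is not None and host not in (src, dst):
        return False
    if port is not None:
        if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
            return False                         # no TCP/UDP ports to compare
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        if port not in (sport, dport):
            return False
    return True


def filter_file(src, dst, host=None, port=None):
    """Stream src into dst keeping only matching frames; return the kept count."""
    return write_pcap(dst, (r for r in read_pcap(src) if frame_matches(r[2], host, port)))


def merge_files(paths, dst):
    """Merge captures that are each already in time order, like mergecap,
    reading all inputs as streams and emitting packets by (sec, usec)."""
    return write_pcap(dst, heapq.merge(*(read_pcap(p) for p in paths),
                                       key=lambda r: (r[0], r[1])))


def build_frame(src_ip, dst_ip, sport, dport, proto=6):
    """Constructed Ethernet/IPv4/TCP-or-UDP frame for the demo (checksums zero)."""
    l4_len = 20 if proto == 6 else 8
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + l4_len, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + struct.pack("!HH", sport, dport) + b"\x00" * (l4_len - 4)


def demo(workdir=None):
    """Two constructed ring-buffer files with traffic to/from 10.0.0.5:443 mixed
    with other flows. Returns (kept per file, merged total, merged timestamps)."""
    if workdir is None:
        with tempfile.TemporaryDirectory() as d:
            return demo(d)
    hot = build_frame("10.0.0.5", "192.0.2.10", 443, 51000)          # TCP, matches
    other = build_frame("10.0.0.7", "192.0.2.10", 80, 51001)         # other host
    udp = build_frame("192.0.2.10", "10.0.0.5", 51002, 443, proto=17)  # UDP, matches
    ring = {"ring_0001.pcap": [(1000, 0, hot), (1001, 0, other), (1002, 0, udp)],
            "ring_0002.pcap": [(1003, 0, other), (1004, 500, hot)]}
    kept, parts = [], []
    for name, recs in ring.items():
        src = os.path.join(workdir, name)
        write_pcap(src, recs)
        part = src + ".filtered"
        kept.append(filter_file(src, part, host="10.0.0.5", port=443))
        parts.append(part)
    merged = os.path.join(workdir, "merged.pcap")
    total = merge_files(parts, merged)
    return kept, total, [(s, u) for s, u, _ in read_pcap(merged)]


if __name__ == "__main__":
    print(demo())  # ([2, 1], 3, [(1000, 0), (1002, 0), (1004, 500)])
```

Against a real ring buffer the same shape applies with the real tools: filter each `ring_*.pcap` with WinDump/tcpdump (`-r in -w out 'host H and port P'`) and then merge the small outputs with mergecap, so the file Wireshark finally opens holds only the endpoints of interest rather than the full 10 GB.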