I've never used this for such big files,
but take a look at Xplico, it's a protocol dissector at the application
layer level with a web GUI, it's pretty powerful so i would take a look,
it's also distributed in a preinstalled virtualbox VM, so you can give
it a try without bothering about the installation.
Francesco.
Ian Schorr ha scritto:
Yes, tshark generally requires much less memory, from need not to
build the packet list (which comprises a very significant portion of
the Wireshark memory usage) and some of the structures not maintainted
through multiple passes. It's quite powerful, and I use it in many
cases specifically because of capture size.
-Ian
On Sat, Jul 10, 2010 at 10:36 AM, Bryan Hoyt | Brush Technology
<bryan@xxxxxxxxxxx> wrote:
Have you looked at tshark at all? ...
I don't know for sure, but I'd assume that it uses significantly less memory
than Wireshark, because I don't think it would try to load the whole file at
once.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe