On Sep 17, 2003, at 10:08 AM, Laryn Bakker wrote:
Good afternoon! I'm new to Ethereal (and to Xterm, etc), but I've managed--with great help from Guy Harris--to get Ethereal running on my Mac OS X machine. I've been researching the documentation and have figured out how to filter the capture on ports to capture only pop3, smtp, imap, and http, but the files are still enormous. They do provide very useful info, though. One other task I wonder if Ethereal can do, is to become a bandwidth tracker--is there any way to instruct the program to just keep track of how much gets put through each port?
Not really - it's primarily designed to capture traffic and analyze it in detail.
You might want to look at ntop:
http://www.ntop.org/ntop.html
Also, the program seems to crash on me semi-regularly. Two messages from Xterm are below:
Gdk-WARNING **: locale not supported by C library *** malloc: vm_allocate(size=131072) failed with 4294966995 *** malloc[18035]: error: Can't allocate region mach_port_type() failed (ipc/mig) wrong reply message ID task_get_bootstrap_port() failed (ipc/mig) wrong reply message ID Abort [srv13:/sw/bin] root# ethereal
Gdk-WARNING **: locale not supported by C library *** malloc: vm_allocate(size=131072) failed with 4294966995 *** malloc[18418]: error: Can't allocate region mach_port_type() failed (ipc/rcv) msg too large task_get_bootstrap_port() failed (ipc/mig) wrong reply message ID Abort
Has anyone seen this message before,
Yes - I've seen it when capturing traffic. The odd thing is that if I make Ethereal read the capture file it left behind, it doesn't happen.
I'll have to try setting the core size in my Terminal windows so that it creates a core dump file and, if I get one, do some post-mortem analysis. (I'll also have to try looking at the OS X source to see why it emits all those Mach complaints when it happens.)
