That sounds like the job for a shell script.

Run the captures to capture a more reasonable 100 MByte at a time
instead of a tiny 10 MByte.

Then run something like:


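# Filter each capture file down to the packets matching the LDAP filter
for CAPFILE in *.cap; do
    tshark -n -r "${CAPFILE}" -w "${CAPFILE}.ldap" -R "ldap.authentication==0"
done

# Merge the filtered per-file results into a single capture
mergecap -w all_simple_sasl.cap *.cap.ldap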


If you are on Windows and thus shell-script challenged, you can
improve your Wireshark experience by installing Cygwin so that simple
things like this become scriptable.



On 10/26/06, Stephen Fisher <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 26, 2006 at 04:49:45PM +1000, [EMAIL PROTECTED] wrote:
>
> > Cheers, I had tried using 'tcp port 389' but in needing to do a 24hr
> > capture resulted in a lot of info. Even when splitting the data
> > amongst multiple files resulted in 10Mb x 260 files. Opening this many
> > files would be too much. I'm not sure of what the maximum file size
> > Wireshark can handle in opening, may give 150Mb a go instead of 10Mb
> > multiple file sizes.
>
> This page gives some tips on improving performance when using large
> capture files:
>
>   http://wiki.wireshark.org/Performance
>
> The size of capture file supported is only limited by the amount of RAM
> you have and CPU speed to process all of the packets.  I don't think
> there is an official upper limit.
>
>
> Steve
>
> _______________________________________________
> Wireshark-users mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-users