Daniel Goolsby wrote: > I sifted through some of the archives but couldn't find anything whether > this was going to be fixed. I started capturing all port 80 traffic.. > every hour i send that tcpdump to another machine, so at the end of the > day i wanted to merge all the traffic together in one nasty port 80 > tcpdump file. > > regardless, mergecap stops at 2g. I made sure and compiled merge on a > Sparc Sun box, i also recompiled zlib to make sure it was at least > compiled on a 64bit machine- no telling if it had any real effect. > > regardless, it still stops after the 2 gig limit has been reached on the > new dump file i'm trying to create. Are there any other tools that can > merge tcpdump files that anyone knows of that doesn't have this limit? > > I could probably 'tcpreplay' the individual files on an interface that > isn't being used, and tcpdump that one, but that's the only workaround > i've thought up so far. > > Any suggestions/comments?
One other thought is: what will you do with a capture file > 2 Gb big? Are you aware that Wireshark needs a lot of memory to open large capture files: http://wiki.wireshark.org/KnownBugs/OutOfMemory ? _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
