Hi Juan -
I work in support and most of the times when SE's or customers take traces, they usually don't know how to really use tcpdump and what not, so the traces (or collector) doesn't really care and therefore I get stuck with huge traces. I was hoping to use tethereal with the -R option and -w option to filter a file w/out launching the GUI and just peg (someone else's server) to chop the sucker down before I do open it up and take a look at it. I noticed that editcap and capinfos cannot open the file either, but I figured, if any of the programs that ship with WS wouldn't care for file sizes would've been capinfos but it does care :-) Would a 64bit edition of WS (or built on that platform) help any? Thanks, Alex Lee Riverbed Technology ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, May 04, 2007 8:02 AM To: [email protected] Subject: Re: [Wireshark-users] Wireshark and 2GB capture files Hi Alex, I never used CentOS, however independently of the OS it is recommended not to grow up to much the files to keep them manageable. Otherwise it takes too much to process them. Using multiple files when doing the capture and limiting them to lets say 100MB (or less) you can handle that more easily. In case you need to see all together wireshark can reassemble the files automatically opening subsequent files together. Br Juan ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ext Alex Lee Sent: Viernes, 04 de Mayo de 2007 05:18 a.m. To: [email protected] Subject: [Wireshark-users] Wireshark and 2GB capture files Hi - I was just wondering if there was support for trace files larger than 2GB on x86 machines (CentOS 5) by any chance? And if so, how do you go about getting this to work? 2.6.18-8.1.3.el5 libpcap-devel-0.9.4-8.1 libpcap-0.9.4-8.1 wireshark-0.99.5 sorry, I'm new, so I apologize if I didn't provide sufficient information. Alex
_______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
