Ethereal-users: RE: [Ethereal-users] Help automating Historical

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Cory Perry (SNL:434-951-7463)" <CPerry@xxxxxxx>
Date: Mon, 21 Nov 2005 12:37:24 -0500

I do save to a dedicated drive, 1.6 TB.

I am limited by Tethereal code to only 1024 files max. I haven't figured
out how to get past this limitation. There was a lot of talk on this
several years back in the newsgroup.

With a limit of 1024 files and a file size of 300 MB, that only gets me
3 days of data. 300 MB captures are painful to work with and it looks
like I need to bump the size to 600 MB or greater.

If I can't resolve this I will probably reduce the packet capture size to
at least get a larger window of data.

Or check out Niksun's NetVCR.

   

> 
> Message: 11
> Date: Fri, 18 Nov 2005 14:58:41 -0600
> From: "Eric Jaakkola" <eriq@xxxxxxxxxxxxxxx>
> Subject: RE: [Ethereal-users] Help automating Historical
> 	networkcapture-rollover
> To: "'Ethereal user support'" <ethereal-users@xxxxxxxxxxxx>
> Message-ID: <004e01c5ec82$db4bd1d0$0200000a@xxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain;	charset="us-ascii"
> 
> I didn't read your original post, but why not save the packets to a
> dedicated drive so that the free space is constant.  Then just set the
> rollover number and file size appropriately.  
> 
> -----Original Message-----
> From: ethereal-users-bounces@xxxxxxxxxxxx
> [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Cory Perry
> (SNL:434-951-7463)
> Sent: Friday, November 18, 2005 2:50 PM
> To: ethereal-users@xxxxxxxxxxxx
> Subject: RE: [Ethereal-users] Help automating Historical
> networkcapture-rollover
> 
> Not sure what I might be troubleshooting at any point in time so
> difficult to create filter. Same for packet size, if troubleshooting URL
> strings and session information, that could be deep within packet.
> 
> I have thought of setting unlimited rollover but have been hitting my
> noggin against a wall trying to figure out best way to handle files and
> space management. How to automatically delete older files without
> running out of space for new files.
> 
> Like several people, I would like to take a vacation once in a blue
> moon. ;)
> 
> Thanks for response.
> 
> 
>    
> 
> 
> 
> >Message: 1
> >Date: Thu, 17 Nov 2005 11:00:30 -0500
> >From: "David DuPre" <david@xxxxxxxxxxxxxxxx>
> >Subject: RE: [Ethereal-users] Help automating Historical network
> >capture-rollover
> >
> >To: "'Ethereal user support'" <ethereal-users@xxxxxxxxxxxx>
> >Message-ID: <00e901c5eb90$09543a20$6a00a8c0@DellTechsup>
> >
> >You might consider capturing only partial packets. Try some tests with
> >capturing only the first 90 bytes of each packet.
> >Then analyze it...if that isn't enough expand it to 180 bytes, and
> >check.
> >You might find that you only need the first XXX bytes of the 1500 byte
> >packet to understand the problem you are researching. This could reduce
> >the amount of data.
> >
> >Another possible option is to only capture packets with a payload...so
> >nothing smaller than XX bytes would be captured.
> >This could hide a network error though...
> >
> >Hope that helps,
> >
> >David
> >
> >P.S. I run Ethereal on Linux 24x7 capturing filtered traffic. I set it
> >up for unlimited rollover at a specific file size. Then if I need to
> >analyze a certain part of a day I use the mergecap to put the files
> >together and look at them as one large file.
> 
>  
> 
>  
> 
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> 
> 
> 
> 
> ------------------------------
> 
> Message: 12
> Date: Fri, 18 Nov 2005 22:01:58 -0500
> From: Hansang Bae <hbae@xxxxxxxxxx>
> Subject: RE: [Ethereal-users] Help automating Historical network
> 	capture-rollover
> To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> Message-ID: <6.2.3.4.2.20051118220005.02620098@xxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
> 
> At 03:49 PM 11/18/2005, Cory Perry (SNL:434-951-7463) wrote:
> >Not sure what I might be troubleshooting at any point in time so
> >difficult to create filter. Same for packet size, if troubleshooting URL
> >strings and session information, that could be deep within packet.
> >
> >I have thought of setting unlimited rollover but have been hitting my
> >noggin against a wall trying to figure out best way to handle files and
> >space management. How to automatically delete older files without
> >running out of space for new files.
> 
> Then perhaps you are using the wrong tool.  I don't consider 
> Ethereal/winpcap to be an ideal solution to long term 
> capturing.  For that, I would consider Niksun's NetVCR.
> 
> As far as slice size goes, you rarely need to see more than 
> 128 bytes.  Or even 256 bytes if URL is important.   For that 
> *ONE* case where you may need to see more, you are wasting 
> volumes of disk space.
> 
> hsb
> 
> 
> 
>
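
The space-management question raised in this thread (unlimited rollover, with the oldest capture files deleted automatically so new ones always have room) can be handled by a small pruning job run alongside the capture. The following is an added example, not code from any poster or from the Ethereal project; the `.cap` suffix, the function names and the byte budget are assumptions, and the newest file is always kept because the capture process may still be writing to it.

```python
import os
import tempfile


def prune_captures(directory, max_bytes, suffix=".cap", keep_newest=1):
    """Delete the oldest capture files until their total size is <= max_bytes.

    The newest `keep_newest` files are never touched, because the capture
    process may still be writing to them. Returns the deleted file names.
    """
    files = []
    with os.scandir(directory) as it:
        for entry in it:
            if entry.is_file(follow_symlinks=False) and entry.name.endswith(suffix):
                st = entry.stat(follow_symlinks=False)
                files.append((st.st_mtime, entry.name, entry.path, st.st_size))
    files.sort()  # oldest first; the name breaks ties between equal mtimes
    total = sum(size for _, _, _, size in files)
    candidates = files[:-keep_newest] if keep_newest else files
    deleted = []
    for _, name, path, size in candidates:
        if total <= max_bytes:
            break
        try:
            os.remove(path)
        except FileNotFoundError:
            pass  # already gone (for example, removed by the ring buffer itself)
        total -= size
        deleted.append(name)
    return deleted


def demo(max_bytes=2500):
    """Run the pruner over five constructed 1000-byte files with known mtimes."""
    with tempfile.TemporaryDirectory() as d:
        for i in range(5):
            path = os.path.join(d, f"trace_{i:05d}.cap")  # constructed sample name
            with open(path, "wb") as fh:
                fh.write(b"\0" * 1000)
            os.utime(path, (1_000_000 + i, 1_000_000 + i))  # i=0 is the oldest
        deleted = prune_captures(d, max_bytes)
        return deleted, sorted(os.listdir(d))


if __name__ == "__main__":
    print(demo())
```

Run from a scheduler at an interval shorter than the time it takes to fill one capture file, with `max_bytes` set below the drive's capacity by at least one file size.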