Wireshark · Wireshark-users: Re: [Wireshark-users] wireshark gets stuck while reading 247mb Logfile

Wireshark-users: Re: [Wireshark-users] wireshark gets stuck while reading 247mb Logfile

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>

Date: Tue, 20 Jun 2006 11:33:46 +0800



Sven Jansen wrote:

Hi,

Tcpdump on my debian sarge ran 1 month abd I rotated my Logfile every 20 mb.

Now I want to analyse all these 59 files with wireshark.

How can I do this in a fast and efficient way.
I tryed to merge 15 files to one and try to analyse it but wireshark got
stuck doing this.

We want to analyse how many traffic accrued and wich ports are used and who
did it (IP).

I know that under Statistics -> Conversation List -> TCP (IPv4 & IPv6) give
me the correct information.

Does Wireshark get stuck (hang) or does it exit/abort? If it hangs,even on a small capture file, do you have DNS resolution enabled?

If it's only hanging or exiting on larger capture files, it's probablyusing all of your RAM, then dipping into swap space (thus making yourcomputer very slow), and possibly eventually running out of memory andexiting. If that's the case, you could try some of the tips in:


http://wiki.wireshark.org/KnownBugs/OutOfMemory

to reduce the memory requirements of Wireshark.

References:
- [Wireshark-users] wireshark gets stuck while reading 247mb Logfile
  - From: Sven Jansen

Prev by Date: Re: [Wireshark-users] Capture machine spec?
Next by Date: Re: [Wireshark-users] Capture machine spec?
Previous by thread: [Wireshark-users] wireshark gets stuck while reading 247mb Logfile
Next by thread: [Wireshark-users] Administrivia: Wireshark lists now using Spamassassin
Index(es):
- Date
- Thread