Hi Daniel,
If you are running on wondows FAT32 disk partition, that is the limitation.
Try NTFS.
Regards,
SL Saw
From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Reply-To: Community support list for Wireshark
<wireshark-users@xxxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] 2 gig limit on mergecap
Date: Thu, 23 Nov 2006 08:51:11 +0800
Daniel Goolsby wrote:
> I sifted through some of the archives but couldn't find anything whether
> this was going to be fixed. I started capturing all port 80 traffic..
> every hour i send that tcpdump to another machine, so at the end of the
> day i wanted to merge all the traffic together in one nasty port 80
> tcpdump file.
>
> regardless, mergecap stops at 2g. I made sure and compiled merge on a
> Sparc Sun box, i also recompiled zlib to make sure it was at least
> compiled on a 64bit machine- no telling if it had any real effect.
>
> regardless, it still stops after the 2 gig limit has been reached on the
> new dump file i'm trying to create. Are there any other tools that can
> merge tcpdump files that anyone knows of that doesn't have this limit?
>
> I could probably 'tcpreplay' the individual files on an interface that
> isn't being used, and tcpdump that one, but that's the only workaround
> i've thought up so far.
>
> Any suggestions/comments?
One other thought is: what will you do with a capture file > 2 Gb big?
Are you aware that Wireshark needs a lot of memory to open large capture
files:
http://wiki.wireshark.org/KnownBugs/OutOfMemory
?
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_________________________________________________________________
Share your latest news with your friends with the Windows Live Spaces
friends module.
http://clk.atdmt.com/MSN/go/msnnkwsp0070000001msn/direct/01/?href=http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mk