If you are looking for specific traffic (e.g. a particular host and/or
port, etc.) you can use something like WinDump to filter the packets for each of
the capture files, and then (if they are small enough) you could merge those
together. You could also do it the other way around; use WinDump to filter the
already merged file.
--
Phillip R. Paradis | Network Engineer | United Tote | 2724 River Green Circle | Louisville | KY | Phone: +1 (502) 509-7445
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
Sent: Tuesday, April 20, 2010 10:26 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Wireshark and Big Sniffs
Hi,
These are some options:
- Don't do the merge.
- Use Pilot (see Cace tech website http://www.cacetech.com/)
- Visit http://wiki.wireshark.org/KnownBugs/OutOfMemory
Thanks,
Jaap
On Tue, 20 Apr 2010 10:24:04 +0200, <A.Fendt@xxxxxxxxxxxxxxxxxxxxxx> wrote:
I've been capturing the whole traffic of my company. Every two hours I created a new
file (ring buffer). Each file has the size of 100 – 200 Megabyte. Now I want to
start an Endpoint Analyze. The first thing I made was to merge the Files to one
large (10 GB).
If I open now the 10 GB Capture-File my Wireshark crashes every time. What should
I do now?
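
The filter-first, merge-second approach suggested in the top reply, as an added example (not code from the thread, WinDump or Wireshark): each ring-buffer file is read one packet at a time, only traffic to or from one host:port endpoint is kept, and the survivors are merged by timestamp, so memory use stays bounded by one packet per input file. It assumes little-endian classic pcap files with Ethernet framing; all function names and the sample addresses are constructed for illustration.

```python
import heapq, io, socket, struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # classic pcap, little-endian
MAGIC_USEC, ETHERNET = 0xA1B2C3D4, 1

def read_packets(stream):
    """Yield (timestamp, raw record header, frame) one packet at a time."""
    magic, *_, linktype = GLOBAL_HDR.unpack(stream.read(24))
    if magic != MAGIC_USEC or linktype != ETHERNET:
        raise ValueError("need little-endian classic pcap with Ethernet link type")
    while len(hdr := stream.read(16)) == 16:
        sec, usec, incl_len, _ = struct.unpack("<IIII", hdr)
        frame = stream.read(incl_len)
        if len(frame) < incl_len:  # truncated last record: stop cleanly
            return
        yield (sec, usec), hdr, frame

def matches(frame, host, port):
    """True for an unfragmented IPv4 TCP/UDP frame to or from host:port."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    l4 = 14 + (frame[14] & 0x0F) * 4
    fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frame[23] not in (6, 17) or fragment_offset or len(frame) < l4 + 4:
        return False
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return (src, sport) == (host, port) or (dst, dport) == (host, port)

def filter_and_merge(inputs, out, host, port):
    """Filter every capture first, then merge the survivors by timestamp."""
    kept = [(rec for rec in read_packets(s) if matches(rec[2], host, port)) for s in inputs]
    out.write(GLOBAL_HDR.pack(MAGIC_USEC, 2, 4, 0, 0, 65535, ETHERNET))
    count = 0
    for _, hdr, frame in heapq.merge(*kept, key=lambda rec: rec[0]):
        out.write(hdr + frame)
        count += 1
    return count

def sample_capture(packets):
    """Constructed data: pcap of UDP packets from (sec, src, dst, sport, dport)."""
    buf = GLOBAL_HDR.pack(MAGIC_USEC, 2, 4, 0, 0, 65535, ETHERNET)
    for sec, src, dst, sport, dport in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
        buf += struct.pack("<IIII", sec, 0, len(frame), len(frame)) + frame
    return io.BytesIO(buf)
```

For real capture files, pass file objects opened in binary mode as `inputs` and `out`; VLAN-tagged and IPv6 frames are dropped by this filter rather than matched.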