Ethereal-users: Re: [Ethereal-users] Reading in a 1.2GB capture file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Mon, 12 Apr 2004 10:46:06 -0400
You should be able to split the binary file by time start/stop of capture also.

Jim

----- Original Message -----
From: Lorand JAKAB <jlori@xxxxx>
Date: Monday, April 12, 2004 10:36 am
Subject: Re: [Ethereal-users] Reading in a 1.2GB capture file

> On Mon, 2004-04-12 at 16:25, Michael Herchel wrote:
> > Hi,
> > 	When I attempt to read in a 1.2 GB libpcap capture file, my
> > computer bogs down while loading the file. Eventually it 
> generates a
> > message indicating it ran out of virtual memory.
> > 	I need a way to either load this file, so I can search and
> > browse it, or I need a way to generate an ascii text file from this
> > capture file (I realize this would be a very large file).
> > 	Any help would be greatly appreciated!!
> 
> You can use tethereal (part of the ethereal package) to tranform a
> binary capture file to a text file like this:
> 
> tethereal -r binary_file > text_file
> 
> But this will only show you the highest decoded level's information,
> what would be shown in an ethereal window for each packet in the 
> packetlist. If you need all the information (which will produce a 
> huge file)
> you can try to set the output to a tree format or PDML (which is
> actually XML). The former is done like this:
> 
> tethereal -r binary_file -V > text_file
> 
> and the latter:
> 
> tethereal -r binary_file -T pdml > text_file
> 
> Hope this helps. Regards,
> Lori
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>