Hi,
Thanks for your help. How can I use tcpdump/windump??? And will I be
able to open the results using Ethereal after? Because my problem right
now is the following. I gathered packets all weekend (3 days) using
multiple files (created every hour). So in the end, I had like 50 files
to analyze. The thing is that when I open a file using Ethereal, it
takes about 2 minutes to open. Imagine I want to analyze them together,
I would need to open 50 files 1 by 1, which wouldn't make any sense. Is
there a solution to this?
Thanks.
-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Francisco
Alcoba (TS/EEM)
Sent: Friday, April 22, 2005 2:07 AM
To: Ethereal user support
Subject: RE: [Ethereal-users] Ethereal 64 bit
Hi,
> I have 4 PCs running one application on each PC and let Ethereal
> collect packets. After a period of time (about 2 hours), Ethereal does
> not respond anymore and I need to kill the process in task manager.
> Thus I can't get the results (packets captured). Does anyone have an
> idea of what to do in this case?
Generally speaking, if you want to capture continuously and then process
the files in any way, ethereal is probably not the best tool to use. You
can use tcpdump/windump, which are much lighter, to collect the
information, and afterwards use ethereal/tethereal to analyze it. That,
of course, unless you need to watch the results in realtime, which is
what ethereal is really good at. And, as has already been said, it makes
it easier to use multiple files. If you later need to analyze them
together - e.g. because there are inter-file dependencies - you can
always merge them.
Regards,
Francisco
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
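
The merge step mentioned in the reply above, as an added example that is not part of the original messages and is not Ethereal's code: a timestamp-ordered merge of several hourly capture files into one file, including the case of a last record cut short because the capture process was killed. The function names are hypothetical; it assumes classic libpcap files with microsecond timestamps, each already in time order internally.

```python
import heapq
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps

def open_pcap(stream):
    """Return (linktype, snaplen, record iterator) for one classic pcap stream."""
    hdr = stream.read(24)
    magic = struct.unpack("<I", hdr[:4])[0] if len(hdr) == 24 else None
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)  # byte order of the writer
    if endian is None:
        raise ValueError("not a complete classic (microsecond) pcap header")
    snaplen, linktype = struct.unpack(endian + "II", hdr[16:24])

    def records():
        while True:
            rec = stream.read(16)
            if len(rec) < 16:  # clean EOF, or capture killed mid-header
                return
            sec, usec, incl, orig = struct.unpack(endian + "4I", rec)
            data = stream.read(incl)
            if len(data) < incl:  # capture killed mid-packet: drop partial record
                return
            yield (sec, usec), orig, data

    return linktype, snaplen, records()

def merge_pcaps(inputs, output):
    """Merge pcap streams into output in timestamp order; return the packet count."""
    opened = [open_pcap(s) for s in inputs]
    linktypes = {lt for lt, _, _ in opened}
    if len(linktypes) != 1:
        raise ValueError("inputs use different link types: %s" % sorted(linktypes))
    snaplen = max(sl for _, sl, _ in opened)
    output.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktypes.pop()))
    count = 0
    # heapq.merge streams its inputs: only one pending record per file is in memory.
    for (sec, usec), orig, data in heapq.merge(*(r for _, _, r in opened), key=lambda r: r[0]):
        output.write(struct.pack("<4I", sec, usec, len(data), orig) + data)
        count += 1
    return count

def make_pcap(endian, packets, linktype=1):
    """Build a constructed sample capture from [(sec, usec, payload), ...]."""
    out = struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for sec, usec, data in packets:
        out += struct.pack(endian + "4I", sec, usec, len(data), len(data)) + data
    return out
```

Pass `merge_pcaps` the hourly files opened in binary mode and an output file opened with `"wb"`; the result is a single classic pcap file.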