Ethereal-users: RE: [Ethereal-users] Ethereal 64 bit
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Francisco Alcoba (TS/EEM)" <francisco.alcoba@xxxxxxxxxxxx>
Date: Mon, 25 Apr 2005 15:12:21 +0200
The first thing to ask is why it is taking so long. Are they very large files? Have you tried to deactivate name resolution -which has some problems of sluggish response in specific situations-?

Depending on what you need, you could merge the files into a large one that might take very long to open, but only once, or use tethereal instead of ethereal, which can be automated in a script. You might also want to filter them down to smaller files; it really depends on what you will need the data for.

As for tcpdump/windump, you just use them from the command line to capture data towards a file. The good part is that it does not -if used with the proper arguments- analyze the packets, and it stores no information from them, so it has potentially fewer problems to be continuously used. The default file formats are compatible -libpcap-.

Regards,
Francisco

> Hi,
>
> Thanks for your help. How can I use tcpdump/windump??? And will I be able to open the results using Ethereal after? Because my problem right now is the following. I gathered packets all weekend (3 days) using multiple files (created every hour). So in the end, I had like 50 files to analyze. The thing is that when I open a file using Ethereal, it takes about 2 minutes to open. Imagine I want to analyze them together, I would need to open 50 files 1 by 1, which wouldn't make any sense. Is there a solution to this?
> Thanks.
>
> -----Original Message-----
> From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Francisco Alcoba (TS/EEM)
> Sent: Friday, April 22, 2005 2:07 AM
> To: Ethereal user support
> Subject: RE: [Ethereal-users] Ethereal 64 bit
>
> Hi,
>
> > I have 4 PCs running one application on each PC and let Ethereal collect packets. After a period of time (about 2 hours), Ethereal does not respond anymore and I need to kill the process in task manager. Thus I can't get the results (packets captured). Does anyone have an idea of what to do in this case?
>
> Generally speaking, if you want to capture continuously and then process the files in any way, ethereal is probably not the best tool to use. You can use tcpdump/windump, which are much lighter, to collect the information, and afterwards use ethereal/tethereal to analyze it. That, of course, unless you need to watch the results in realtime, which is what ethereal is really good at. And, as has already been said, it makes it easier to use multiple files. If you later need to analyze them together -e.g. because there are inter-file dependencies- you can always merge them.
>
> Regards,
> Francisco
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
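The merge step discussed in this message, as an added example that is not part of the original e-mail or of Ethereal's own code: it reads several libpcap capture files, tolerates a file that was cut off mid-packet when a capture process was killed, and writes one file in timestamp order. It assumes the classic libpcap layout (magic `0xa1b2c3d4`, microsecond timestamps) and that each input is already in time order; the function names `read_pcap`, `merge_pcaps` and `make_pcap` are hypothetical, and the sample captures are constructed.

```python
import heapq
import struct

MAGIC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps

def read_pcap(data):
    """Return (linktype, snaplen, records) for one classic libpcap file."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    for endian in "<>":  # a file carries the byte order of the host that wrote it
        if struct.unpack(endian + "I", data[:4])[0] == MAGIC:
            break
    else:
        raise ValueError("not a classic libpcap file")
    snaplen, linktype = struct.unpack(endian + "II", data[16:24])
    records, off = [], 24
    while off + 16 <= len(data):
        sec, usec, caplen, origlen = struct.unpack(endian + "4I", data[off:off + 16])
        payload = data[off + 16:off + 16 + caplen]
        if len(payload) < caplen:
            break  # file ends mid-packet (capture was killed): keep the complete records
        records.append((sec, usec, origlen, payload))
        off += 16 + caplen
    return linktype, snaplen, records

def merge_pcaps(blobs):
    """Merge files that are each in time order into one little-endian file."""
    parsed = [read_pcap(b) for b in blobs]
    linktypes = {p[0] for p in parsed}
    if len(linktypes) != 1:
        raise ValueError("inputs must share one link type")
    snaplen = max(p[1] for p in parsed)
    header = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, snaplen, linktypes.pop())
    merged = heapq.merge(*(p[2] for p in parsed), key=lambda r: r[:2])
    return header + b"".join(
        struct.pack("<4I", sec, usec, len(payload), origlen) + payload
        for sec, usec, origlen, payload in merged)

def make_pcap(endian, packets, linktype=1):
    """Build a constructed sample file from (sec, usec, payload) tuples."""
    out = struct.pack(endian + "IHHiIII", MAGIC, 2, 4, 0, 0, 65535, linktype)
    for sec, usec, payload in packets:
        out += struct.pack(endian + "4I", sec, usec, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    hour1 = make_pcap("<", [(100, 0, b"a"), (100, 500, b"c")])   # constructed
    hour2 = make_pcap(">", [(100, 250, b"b"), (160, 0, b"dd")])  # constructed
    print([r[3] for r in read_pcap(merge_pcaps([hour1, hour2[:-1]]))[2]])
```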