Wireshark-users: Re: [Wireshark-users] how to handle big files in wireshark
From: "Bryan Hoyt | Brush Technology" <bryan@xxxxxxxxxxx>
Date: Sat, 10 Jul 2010 11:36:43 +1200
I'm not an expert here, but isn't it possible to reduce the amount of memory used by disabling all the protocols that you don't use (or even the ones you do use, if you can live without them)?

I think a lot of the memory usage comes from the specific protocols, not just the wireshark core.

Correct me if I'm wrong.

 - Bryan

--
PS. Check out the Brush newsletter: Subscribe or read our previous newsletters

Bryan Hoyt, Web Development Manager  --  Brush Technology
Ph: +64 3 942 7833     Mobile: +64 21 238 7955
Web: brush.co.nz
On Sat, Jul 10, 2010 at 08:10, Maverick <myeaddress@xxxxxxxxx> wrote:
Thanks for the response , If I break files down into many pcap files is there any way that I can have access to all those broken files. Like if I select follow stream option would it be possible to get streams that are in the other broken files.

Thanks
MK


On Fri, Jul 9, 2010 at 3:57 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Jul 9, 2010, at 12:46 PM, Maverick wrote:

> I have huge pcap files in Gbs which I want to analyze using wireshark but wireshark is extremely slow and crashes while opening those files. I tried breaking those files into smaller files but thats not very good solution as I have to open up each file and sometime relationship between files gets lost.
>
> Is there a decent way to handle huge files in wireshark .

For now, the only way is "use a 64-bit version of Wireshark, make sure you have enough disk space/swap space to back up a large virtual address space, and live with the slowness".

There may be changes in the future to reduce the memory requirements, but they're not trivial to make.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe