I just added -A <start time> and -B <stop time> to editcap; this way you can
select to have in the file just those packets that happen in a certain
period of time.

$ editcap -A '2005-10-10 20:30:15' -B '2005-10-10 20:30:19' in.pcap out.pcap

This one can filter by date even a file N times bigger than the RAM...

You can get it at http://www.ethereal.com/distribution/buildbot-builds/
It's in revision 17614 or higher.

L

On 3/13/06, LEGO <luis.ontanon@xxxxxxxxx> wrote:
> On 3/13/06, Alessandro Staltari <a_staltari@xxxxxxxx> wrote:
> > --- LEGO <luis.ontanon@xxxxxxxxx> wrote:
> > > Yes,
> > > although there are probably leaks, these should be
> > > a negligible part
> > > of memory usage. ethereal is stateful.
> >
> > I was not using ethereal but I used tethereal instead.
> > Is there a way to tell tethereal to be not stateful?
> Go through preferences (either editing the preferences file or with
> ethereal as both programs use the same prefs) and disable all those
> preferences that require protocols to keep persistent data
> (reassembling for the most)
>
> > BTW filtering by date should not require packet
> > tracking, I may expect it will not track packets if it
> > is not necessary.
>
> Once you use a display filter (or use tethereal's -V option) detailed
> dissection takes place.
>
> BTW if what you need is to split the file in time windows try just
> identifying the start and stop packets and use editcap instead.
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
>

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
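
Added example, not part of the original message and not editcap's own code: a streaming time-window filter over the classic pcap format, showing why selecting by timestamp needs only one record in memory at a time and so works on a capture larger than RAM. Assumptions: microsecond-resolution pcap (not pcapng), UTC timestamps, an inclusive window, and the hypothetical names filter_by_time, build_sample, utc and MAX_RECORD.

```python
import io
import struct
from datetime import datetime, timezone

# Classic pcap magic (microsecond timestamps) -> struct byte-order prefix.
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
MAX_RECORD = 262144  # assumed sanity cap on a record's captured length

def utc(text):
    """Parse 'YYYY-MM-DD HH:MM:SS' as UTC epoch seconds (assumption: UTC)."""
    dt = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return dt.replace(tzinfo=timezone.utc).timestamp()

def filter_by_time(src, dst, start, stop):
    """Copy records with start <= ts <= stop; return how many were kept."""
    header = src.read(24)
    order = MAGIC.get(header[:4])
    if len(header) != 24 or order is None:
        raise ValueError("not a classic microsecond pcap file")
    dst.write(header)
    kept = 0
    while True:
        rec = src.read(16)  # per-record header: sec, usec, incl_len, orig_len
        if not rec:
            return kept
        if len(rec) != 16:
            raise ValueError("truncated record header")
        sec, usec, incl_len, _orig_len = struct.unpack(order + "IIII", rec)
        if incl_len > MAX_RECORD:
            raise ValueError("implausible record length, refusing to read")
        data = src.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        # Only this one record is held in memory; no dissection, no state.
        if start <= sec + usec / 1e6 <= stop:
            dst.write(rec + data)
            kept += 1

def build_sample(times):
    """Constructed little-endian capture: one dummy 14-byte frame per time."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for t in times:
        out += struct.pack("<IIII", int(t), 0, 14, 14) + b"\x00" * 14
    return out

if __name__ == "__main__":
    t0 = utc("2005-10-10 20:30:15")
    src = io.BytesIO(build_sample([t0 - 1, t0, t0 + 2, t0 + 4, t0 + 5]))
    dst = io.BytesIO()
    print(filter_by_time(src, dst, t0, utc("2005-10-10 20:30:19")), "kept")
```

The length check matters when the capture comes from an untrusted source: a corrupt or hostile record header would otherwise drive an arbitrarily large read.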