Discussion:
[AFMUG] Windows based pcap viewer for large files
That One Guy
2015-01-21 18:32:16 UTC
Permalink
Anybody know a good, free viewer for large pcaps that runs in windows?

I have a 16gb file in wireshark right now and everythign takes 10 minutes
to complete
--
All parts should go together without forcing. You must remember that the
parts you are reassembling were disassembled by you. Therefore, if you
can't get them together again, there must be a reason. By all means, do not
use a hammer. -- IBM maintenance manual, 1925
Josh Luthman
2015-01-21 18:33:54 UTC
Permalink
How much ram do you have? Do a filter and save that?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
Post by That One Guy
Anybody know a good, free viewer for large pcaps that runs in windows?
I have a 16gb file in wireshark right now and everythign takes 10 minutes
to complete
--
All parts should go together without forcing. You must remember that the
parts you are reassembling were disassembled by you. Therefore, if you
can't get them together again, there must be a reason. By all means, do not
use a hammer. -- IBM maintenance manual, 1925
That One Guy
2015-01-21 18:50:47 UTC
Permalink
8gb and 4 xeon cores
Post by Josh Luthman
How much ram do you have? Do a filter and save that?
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
Post by That One Guy
Anybody know a good, free viewer for large pcaps that runs in windows?
I have a 16gb file in wireshark right now and everythign takes 10 minutes
to complete
--
All parts should go together without forcing. You must remember that the
parts you are reassembling were disassembled by you. Therefore, if you
can't get them together again, there must be a reason. By all means, do not
use a hammer. -- IBM maintenance manual, 1925
--
All parts should go together without forcing. You must remember that the
parts you are reassembling were disassembled by you. Therefore, if you
can't get them together again, there must be a reason. By all means, do not
use a hammer. -- IBM maintenance manual, 1925
Charles Boening
2015-01-21 19:27:58 UTC
Permalink
Could split the file into smaller components with this.
https://www.wireshark.org/docs/man-pages/editcap.html

Check this out too.
http://www.netresec.com/?page=SplitCap



__________________________________

Charles Boening
Network Manager
800-858-2399 | Office
***@calore.net<mailto:***@calore.net>

www.cot.net<http://www.cot.net/> | Find us on Facebook<https://www.facebook.com/pages/Cal-Ore/205066716227707>
__________________________________
Cal-Ore | Real. Local. Trusted. Professional.

From: Af [mailto:af-***@afmug.com] On Behalf Of That One Guy
Sent: Wednesday, January 21, 2015 10:51 AM
To: ***@afmug.com
Subject: Re: [AFMUG] Windows based pcap viewer for large files

8gb and 4 xeon cores

On Wed, Jan 21, 2015 at 12:33 PM, Josh Luthman <***@imaginenetworksllc.com<mailto:***@imaginenetworksllc.com>> wrote:

How much ram do you have? Do a filter and save that?

Josh Luthman
Office: 937-552-2340<tel:937-552-2340>
Direct: 937-552-2343<tel:937-552-2343>
1100 Wayne St
Suite 1337
Troy, OH 45373
On Jan 21, 2015 1:32 PM, "That One Guy" <***@gmail.com<mailto:***@gmail.com>> wrote:
Anybody know a good, free viewer for large pcaps that runs in windows?

I have a 16gb file in wireshark right now and everythign takes 10 minutes to complete
--
All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925
--
All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer. -- IBM maintenance manual, 1925
That One Guy
2015-01-21 20:07:17 UTC
Permalink
I usually run split files, but this task requires the whole thing. Finally
did what I needed to do and it turned out I missed the data I was looking
for anyway
Post by Charles Boening
Could split the file into smaller components with this.
https://www.wireshark.org/docs/man-pages/editcap.html
Check this out too.
http://www.netresec.com/?page=SplitCap
__________________________________
*Charles Boening*
*Network Manager*
800-858-2399 | Office
www.cot.net | Find us on Facebook
<https://www.facebook.com/pages/Cal-Ore/205066716227707>
__________________________________
*Cal-Ore* | *Real. Local. Trusted. Professional.*
*Sent:* Wednesday, January 21, 2015 10:51 AM
*Subject:* Re: [AFMUG] Windows based pcap viewer for large files
8gb and 4 xeon cores
On Wed, Jan 21, 2015 at 12:33 PM, Josh Luthman <
How much ram do you have? Do a filter and save that?
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
Anybody know a good, free viewer for large pcaps that runs in windows?
I have a 16gb file in wireshark right now and everythign takes 10 minutes
to complete
--
All parts should go together without forcing. You must remember that the
parts you are reassembling were disassembled by you. Therefore, if you
can't get them together again, there must be a reason. By all means, do not
use a hammer. -- IBM maintenance manual, 1925
--
All parts should go together without forcing. You must remember that the
parts you are reassembling were disassembled by you. Therefore, if you
can't get them together again, there must be a reason. By all means, do not
use a hammer. -- IBM maintenance manual, 1925
--
All parts should go together without forcing. You must remember that the
parts you are reassembling were disassembled by you. Therefore, if you
can't get them together again, there must be a reason. By all means, do not
use a hammer. -- IBM maintenance manual, 1925
Loading...