I have searched the archives and the only reference i could find to this was dated back in Aug of 2000. We like to use ethereal to analyze log files that we capture on various boxes throughout our institution. We usually setup a headless linux box running snort and put it on a switch with a span port to capture as much traffic as possible. I currently have snort setup to log it all as tcpdump format. Then i will sftp the file over to my box and open it with ethereal to analyze it. But with very large files i am getting an error. My box is a P4 1400 with a gig of memory in it running linux with a 2.4.20 kernel. The error that i am getting is:
GLib-ERROR **: could not allocate 1328907053 bytes aborting... Aborted Is there anything i can do to get these files to open up? Any help would be appreciated. -- Richard Witt Systems Security Analyst II Texas Tech Medical Center (806) 743-2870 ext 266
