You can't get around the problem. The logs are copies of the packets sent down the wire and so need as much space. There are sniffers that do data compression, but often it can't be done on the fly without risking dropping packets. Ethereal uses TCPdump format packets but I find that I can use gzip on them after they are gathered if I need to save space. You can control the detail that is displayed or printed. It also has a nice tcp stream module that helps by eliminating redundant packet headers. The Windows/NT version normally is as up to date as the Linux/Unix version (maybe a day later). -----Original Message----- From: firewalls-owner@Lists.GNAC.NET [mailto:firewalls-owner@Lists.GNAC.NET]On Behalf Of Ron DuFresne Sent: Wednesday, June 06, 2001 17:55 To: Paul D. Robertson Cc: Tatsuya Kawasaki; Firewalls@Lists.GNAC.NET Subject: Re: packet snooping tools for window Is Ethereal any less resource intensive on the win platform? Does it produce logs as huge as the linux version? Thanks, Ron DuFresne On Wed, 6 Jun 2001, Paul D. Robertson wrote: > On Wed, 6 Jun 2001, Tatsuya Kawasaki wrote: > > > Hi.. > > Does anyone know any free packeting sniffing tools > > run on windows machine? > > Ethereal. It's actually more stable on Windows than it is on Linux. > > There's also something in the NT resource kit or somewhere like that- SMS > maybe? > > Paul > ----------------------------------------------------------------------------- > Paul D. Robertson "My statements in this message are personal opinions > proberts@patriot.net which may have no basis whatsoever in fact." > > - > [To unsubscribe, send mail to majordomo@lists.gnac.net with > "unsubscribe firewalls" in the body of the message.] > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]