Hi folks, I cannot say wether this message is perhaps only for dummies like me but if anybody else asks himself why does the socket spy....... Well,being (very) curious testing the PE-socketspy I enabled "spying" for several sockets (äh yes-at the same time and wanted after a while observe the packetdata. My CPU began burning (100%) and the socket-spy froze every time I wanted to see the data. First idea was that it does not work.My O&O Defrag started and I could see strong fragmentation on partition C:\ Using the cluster-inspector I saw which part was strong fragmented: the PE-file. I opened it and saw that the capture.bin was grown up to 350 mb.Guess that was a little bit to much to read for the socket-spy So if anybodies socket-spy frozes perhaps have a look at the capture.bin Deleting is no problem - there will always be created a new one. -Hank-
If you were to take a look at the amazing amount of data that goes back and forth, you would quickly understand why you would not want to run a capture on more than one or two processes for very long. If you are curious, you can get this neat little freeware tool called TDIMon to see what I mean. http://www.sysinternals.com/ntw2k/freeware/tdimon.shtml Off Topic -- I just dl O&O Defrag last night to try. What's your opinion? Phil
Yes that TDImon gives a quick impression, but i love the details and lots of other tools in PE. Good warning to look at the capture.bin size, thanks for that.
Hi Phil, in comparison to other tools I tried out this is really the best one.You have a little bit - like always - to play with ,which means which configuration is the best for your system (depends on the data /access / changing) But no question: much better than the defrag-conole in W2k. Concerning TDImon: Thanks for the hint,but (always visiting wilders.org) I installed it log time ago under WIN98.System-Crash and that it was it for me.Something went wrong but in this case I did not want to find out why.... It's late here in europe -I go to bed............. -Hank- P.S.: further off-topic: are you interested in a tornado-deluxe-harddrive ? Go to : http://www.wdc.com/products/products.asp?DriveID=32 I had IBM,Maxtor,Barracuda on my system.This harddrive above (special edition / 8 MB cache) turns you on I promise.... -Hank-
Hi Jooske, wouldn't it make sense to set a "natural" limit in PE for the size of the capture.bin - I mean f.e. like in some firewalls for the logfiles. If the socket spy frozes because the data is to much to open it ..... And who knows -perhaps except of Jason -where exactly the limit is before it frozes ? Or something like an alert to remove the spylist ("too much data-alert") ? -Hank-
Or at next occasion start clean again overwriting the last; but a limit should be practicle and if not possible, a button for cleaning like for cleaning caches in a browser. I'm sure Jason will look into this matter. Did not see the max. size in the helpfile, but file formats and some programming languages commands to include it in own functions. Long ago i had problems with TDImon too, don't remember exactly if it caused system crashes too, but it might have had to do with required system files which by now after all those recent updates and patches might fit better with the software, maybe additional files from the new virtual machine, all is possible.
There is no limit on capture.bin size currently. Of course if you have 350MB of data it will appear to "freeze" socket spy as it has to process all that information in it. If you have a lot of ram it shouldn't be a problem. Usually the best method is to socket spy on an application or two, then when your finished either copy capture.bin to a backup directory and rename it to whatever you captured, like "Internetexplorer_capture.bin", or just remove all the data using the remove packets button in Socket Spy for a clean slate. -Jason-
In fact we never can get "enough" - or ? In my case I have 512mb ram -regarding your answer this must be a small size because "mr.Freeze" came in....... -Hank-
Well doing some math, if your hard drive can read that file at 10MB/second average, then it would of taken 35 seconds to process it all, if it did fit in your ram Soon as it starts to thrash out to disk you can probably double that time. I didn't really design Socket Spy to handle 100's of megabytes of data at once and hence I didnt use a more sophisticated Hex Workshop approach to the data due to time constraints. Even so, when we are talking 350MB on even today's machines it is a LOT of data to crunch regardless -Jason-
hmm 3minutes for my spy ifo to show ...finally! turns out it was 2gigs in size my bad,now i understand how it works,going to defrag now oh ya i deleted capture.bin by accident,will the program make another or do i have to reinstall?
Hi Ironwalker, nothing to worry, there will be made a new capture.bin when needed: deleting or renaming to save like Jason said above would have the same effect, you can also empty the bin with the "remove" buttons. Hoped it would do automatically, wipe out the old content at a next spy occasion but seems not, so it can really grow.
Ironwalker, woah, did you socket spy on some file transfer or something? As Jooske said you can delete capture.bin whenever you want to remove it, or just click the Remove button in the Socket Spy utility, they both have the same effect. What I usually do is socket spy on one application im interested in and after its finished I rename that capture.bin to spy_applicationname.bin so if I need it later I can just rename it to capture.bin and view it in the Socket Spy utility. -Jason-