Re: tshark or dumpcap ring buffer limitations

[Jeff Morriss <jeff.morriss.ws () gmail com>]

Joseph Laibach wrote:
> Jaap,
>         I work for a stock trading firm. We are looking to have a system in place to capture the entire days worth of 
> market data. We have a line that comes in and brings multiple feeds in to our servers. We would like to be able to 
> let this capture run and then over-write itself the next day. The 8mb files are a nice size to work with and do not 
> due much damage when moved about across wan links. So in order to get about a day's worth of traffic at 8mb clips I 
> need a ring buffer of about 25000 files. The traffic adds up to about 225 to 235gb a day depending on market 
> activity. The 8mb files also work very nicely in our home grown Sequence number search web app.
>
> Can I compile Wireshark on linux to be used on windows or do I need to compile on windows?

Keep in mind that having many thousands of files in a single directory 
can be very slow on some OS/file systems.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe