Wireshark mailing list archives

Re: Sniffing1GigE interfaces without laptop crashing

From: "Boonie" <newsboonie () gmail com>
Date: Sun, 20 Nov 2011 18:21:27 +0100

Best is not to use wireshark at all for this. Together with wireshark you have received dumpcap.exe (assuming windows). 
Use dumpcap for this. Try limiting it to files of 100 megs each.

Try dumpcap --h for all the options.

Regards,

Dave

  ----- Original Message ----- 
  From: Kasper Adel 
  To: wireshark-users () wireshark org 
  Sent: Sunday, November 20, 2011 5:23 PM
  Subject: [Wireshark-users] Sniffing1GigE interfaces without laptop crashing


  Hello Experts,

  We work with our router/switch vendor support and they ask for packet captures but a lot of our interfaces are GigE 
and our laptops crash when we try to that?

  What are our options and ideas to optimize the laptop used so it can handle this kind of traffic.

  Some suggestions i collected:

  1)      Go to Capture>Options on wireshark
  2)      In the pop up window configure the filter for the traffic you want to capture (using IP addresses for example)
  3)     Select the ring buffer option and increase it
  4)     Capture into a file and not to memory
  5)     Capture into separate files and not just one single big file
  6)     Pick the source of the monitor session to be the VLAN or Physical port, whichever has less traffic
  7)     Get a good laptop :)

  Thanks,
  Kim



------------------------------------------------------------------------------


  ___________________________________________________________________________
  Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
  Archives:    http://www.wireshark.org/lists/wireshark-users
  Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
               mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Sniffing1GigE interfaces without laptop crashing Kasper Adel (Nov 20)
- Re: Sniffing1GigE interfaces without laptop crashing Boonie (Nov 20)
  - Re: Sniffing1GigE interfaces without laptop crashing Richard Bejtlich (Nov 20)
    - Re: Sniffing1GigE interfaces without laptop crashing Guy Harris (Nov 20)
- Re: Sniffing1GigE interfaces without laptop crashing Guy Harris (Nov 20)
  - Re: Sniffing1GigE interfaces without laptop crashing Kevin Cullimore (Nov 20)
    - Re: Sniffing1GigE interfaces without laptop crashing Guy Harris (Nov 20)
    - Re: Sniffing1GigE interfaces without laptop crashing Kevin Cullimore (Nov 20)
    - Re: Sniffing1GigE interfaces without laptop crashing Kasper Adel (Nov 21)
    - Re: Sniffing1GigE interfaces without laptop crashing Matthew (Nov 21)
- Re: Sniffing1GigE interfaces without laptop crashing Guy Harris (Nov 20)