Re: Sniffing1GigE interfaces without laptop crashing

[Kasper Adel <karim.adel () gmail com>]

Thanks everyone for responding.

By crash, i meant wireshark it self failing which stops the capture.

Point well taken, a CLI tool would be best (tcpdump in that case). any
other suggestions to improve the performance when a lot of traffic is
captured?

One more question, in cases where we are capturing and waiting for an event
to happen (specific packet for example)  what are best practices in this
case? i am afraid memory would be consumed and the operating system might
act up and maybe crash so what would be the best parameters in terms of
rotation files and ring buffer size...etc?

Thanks,
Kim


On Mon, Nov 21, 2011 at 6:12 AM, Kevin Cullimore <kcullimo () runbox com>wrote:

> On 11/20/2011 5:35 PM, Guy Harris wrote:
>
> > On Nov 20, 2011, at 2:15 PM, Kevin Cullimore wrote:
> >
> >  in either case, no reason NOT to use dumpcap/tcpdump/windump for these
> > > purposes . . .
> > As long as it's "capture and then look at it later" (which is probably
> > the case if you're capturing full-on GigE), yes.
> Fair enough. It's been a while since I've dealt with a
> "non-look-at-it-later" scenario.
>
>
> > However, if it's a kernel panic, the issue may have nothing to do with
> > whether you're watching the traffic while you're capturing it, and may pop
> > up even with a relatively simple userland network->file code path, or with
> > a faster CPU, or....
> > ______________________________**______________________________**
> > _______________
> > Sent via:    Wireshark-users mailing list<wireshark-users@**wireshark.org<wireshark-users () wireshark org>
> > >
> > Archives:    http://www.wireshark.org/**lists/wireshark-users<http://www.wireshark.org/lists/wireshark-users>
> > Unsubscribe: 
> > https://wireshark.org/mailman/**options/wireshark-users<https://wireshark.org/mailman/options/wireshark-users>
> >              mailto:wireshark-users-**request () wireshark org<wireshark-users-request () wireshark org>
> > ?subject=**unsubscribe
> ______________________________**______________________________**
> _______________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org**
> >
> Archives:    http://www.wireshark.org/**lists/wireshark-users<http://www.wireshark.org/lists/wireshark-users>
> Unsubscribe: 
> https://wireshark.org/mailman/**options/wireshark-users<https://wireshark.org/mailman/options/wireshark-users>
>            mailto:wireshark-users-**request () wireshark org<wireshark-users-request () wireshark org>
> ?subject=**unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe