Wireshark mailing list archives

Re: Sniffing 1GigE interfaces without laptop crashing


From: Matthew <matthew1471 () matthew1471 co uk>
Date: Mon, 21 Nov 2011 23:09:06 +0000

Kim,

If you are only interested in a specific packet (and will only ever be
interested in a specific packet because once you start the capture you
won't be able to alter this) then generally it would be best to write a
capture filter; that way you are only using your resources to log what
matters.

Matthew

On 21/11/2011 12:39, Kasper Adel wrote:
Thanks everyone for responding.

By crash, I meant Wireshark itself failing, which stops the capture.

Point well taken, a CLI tool would be best (tcpdump in that case). Any
other suggestions to improve the performance when a lot of traffic is
captured?

One more question, in cases where we are capturing and waiting for an
event to happen (specific packet for example), what are best practices
in this case? I am afraid memory would be consumed and the operating
system might act up and maybe crash, so what would be the best
parameters in terms of rotation files and ring buffer size...etc?

Thanks,
Kim
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

