Yes, I use a lot of tools, ntop, if top, lot's of tops :). I also use ossim which is incredibly comprehensive but every tool has it's use. Sometimes, just watching the packets using wireshark helps plus, I just happen to be at that station so end up using it. No big deal but would have been nice if it had a monitor feature which doesn't capture, perhaps even has a little selectable delay setting so that things don't go by so quickly.
Mike
On Sun, 16 May 2010 21:55:46 -0400, Kevin Cullimore wrote:
> On 5/16/2010 9:28 PM, mike@xxxxxxxxxxxx wrote:
>
>> Sometimes, I just want to get a quick view of what's going on so monitor
>> for a while but the logging is what seems to use up all of the system
>> resources after a while.
>>
>>
> A different tool might provide you with a decent ongoing overview of
> network activity. When customers are interested in this functionality, I
> have them run NTOP, and instruct them to turn up a machine running
> wireshark when they feel the need to drill down to byte/bit-level details.
>> On Sat, 15 May 2010 12:16:06 -0700, M Holt wrote:
>>
>>> Can you just use dumpcap with a ring buffer? Then stop the capture once
>>> the event you are looking for is seen:
>>>
>>> http://www.wireshark.org/docs/man-pages/dumpcap.html
>>>
>>> On Sat, May 15, 2010 at 10:02 AM, mike@xxxxxxxxxxxx<mike@xxxxxxxxxxxx>
>>> wrote:
>>>
>>>> Any way of monitoring only, without a capture, until I need to
>>>> capture?
>>>>
>>>> ___________________________________________________________________________
>>>> Sent via: Wireshark-users mailing list<wireshark-
>>>> users@xxxxxxxxxxxxx>
>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>> mailto:wireshark-users-
>>>> request@xxxxxxxxxxxxx?subject=unsubscribe
>>>
>>>
>>> #avg_ls_inline_popup { position:absolute; z-index:9999; padding: 0px
>>> 0px;
>>> margin-left: 0px; margin-top: 0px; width: 240px; overflow: hidden; word-
>>> wrap: break-word; color: black; font-size: 10px; text-align: left; line-
>>> height: 13px;}
>>>
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-users mailing list<wireshark-users@xxxxxxxxxxxxx>
>> Archives: http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
