Wireshark-users: [Wireshark-users] Sniffing1GigE interfaces without laptop crashing
Hello Experts,
We work with our router/switch vendor support and they ask for packet captures but a lot of our interfaces are GigE and our laptops crash when we try to that?
What are our options and ideas to optimize the laptop used so it can handle this kind of traffic.
Some suggestions i collected:
1) Go to Capture>Options on wireshark
2) In the pop up window configure the filter for the traffic you want to capture (using IP addresses for example)
3) Select the ring buffer option and increase it
4) Capture into a file and not to memory
5) Capture into separate files and not just one single big file
6) Pick the source of the monitor session to be the VLAN or Physical port, whichever has less traffic
7) Get a good laptop :)
Thanks,
Kim