Wireshark-users: Re: [Wireshark-users] Sniffing1GigE interfaces without laptop crashing
From: Richard Bejtlich <taosecurity@xxxxxxxxx>
Date: Sun, 20 Nov 2011 12:56:57 -0500
+1

There's no need to use a protocol analyzer like Wireshark, Tshark, or
even Tcpdump to just do packet capture.  You introduce more trouble
than it's worth.

Either use Dumpcap or Daemonlogger.

Sincerely,

Richard

On Sun, Nov 20, 2011 at 12:21 PM, Boonie <newsboonie@xxxxxxxxx> wrote:
> Best is not to use wireshark at all for this. Together with wireshark you
> have received dumpcap.exe (assuming windows). Use dumpcap for this. Try
> limiting it to files of 100 megs each.
>
> Try dumpcap --h for all the options.
>
> Regards,
>
> Dave