Wireshark-users: Re: [Wireshark-users] Sniffing1GigE interfaces without laptop crashing
From: Kasper Adel <karim.adel@xxxxxxxxx>
Date: Mon, 21 Nov 2011 14:39:06 +0200
Thanks everyone for responding.

By crash, I meant Wireshark itself failing, which stops the capture.

Point well taken, a CLI tool would be best (tcpdump in that case). Any other suggestions to improve the performance when a lot of traffic is captured?

One more question: in cases where we are capturing and waiting for an event to happen (a specific packet, for example), what are best practices in this case? I am afraid memory would be consumed and the operating system might act up and maybe crash, so what would be the best parameters in terms of rotation files, ring buffer size, etc.?

Thanks,
Kim


On Mon, Nov 21, 2011 at 6:12 AM, Kevin Cullimore <kcullimo@xxxxxxxxxx> wrote:
On 11/20/2011 5:35 PM, Guy Harris wrote:
On Nov 20, 2011, at 2:15 PM, Kevin Cullimore wrote:

in either case, no reason NOT to use dumpcap/tcpdump/windump for these purposes . . .
As long as it's "capture and then look at it later" (which is probably the case if you're capturing full-on GigE), yes.
Fair enough. It's been a while since I've dealt with a "non-look-at-it-later" scenario.


However, if it's a kernel panic, the issue may have nothing to do with whether you're watching the traffic while you're capturing it, and may pop up even with a relatively simple userland network->file code path, or with a faster CPU, or....
___________________________________________________________________________
Sent via:    Wireshark-users mailing list<wireshark-users@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe