Wireshark-users: Re: [Wireshark-users] Sniffing1GigE interfaces without laptop crashing
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Matthew <matthew1471@xxxxxxxxxxxxxxxxx>
Date: Mon, 21 Nov 2011 23:09:06 +0000
Kim,

If you are only interested in a specific packet (and will only ever be
interested in a specific packet because once you start the capture you
won't be able to alter this) then generally it would be best to write a
capture filter, that way you are only using your resources to log what
matters.

Matthew

On 21/11/2011 12:39, Kasper Adel wrote:
> Thanks everyone for responding.
>
> By crash, i meant wireshark it self failing which stops the capture.
>
> Point well taken, a CLI tool would be best (tcpdump in that case). any
> other suggestions to improve the performance when a lot of traffic is
> captured?
>
> One more question, in cases where we are capturing and waiting for an
> event to happen (specific packet for example)  what are best practices
> in this case? i am afraid memory would be consumed and the operating
> system might act up and maybe crash so what would be the best
> parameters in terms of rotation files and ring buffer size...etc?
>
> Thanks,
> Kim
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe