-------- Original Message --------
Subject: Re: [Wireshark-users] Need to record bandwidth used
by branch office VPN tunnels
From: "Laura Chappell" <
lchappell@xxxxxxxxxxxxxxxx>
Date: Fri, August 09, 2013 8:28 am
To: "'Community support list for Wireshark'"
<
wireshark-users@xxxxxxxxxxxxx>
Oh, yeah... one week is a killer... I've run for just an hour at a customer
we didn't hit a snag.
Wouldn't it be best if tshark stopped saving the packets once the statistic
is obtained for the timeframe?
Laura
-----Original Message-----
From:
wireshark-users-bounces@xxxxxxxxxxxxx
[
mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Friday, August 09, 2013 8:16 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Need to record bandwidth used by branch
office VPN tunnels
On 9 aug 2013, at 03:05, Laura Chappell wrote:
> Consider using tshark (command-line tool) with the following parameters
perhaps.
>
> tshark -q -z
io,stat,3000,ip.addr==
192.168.1.0/24,ip.addr==192.168.2.0/24,ip.addr==192.168.3.0/24 > mystats.txt
>
> No packets are saved during this process - you're only getting statistics.
Laura, this is not entirely true. As tshark uses dumpcap to capture the
traffic, dumpcap will save all the packets in a temporary file from which
tshark will read. To monitor the traffic for a week in this manner will
most likely result in a) an out-of-memory error due to the fact that tshark
keeps information about each conversation and b) a disk filling up with
packet data.
Cheers,
Sake