Ethereal-users: RE: [Ethereal-users] About the overhead of ethereal on server side

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Jim Hendrick" <jrhendri@xxxxxxxxxxxx>
Date: Sun, 20 Nov 2005 20:45:31 -0500
If you want to run Ethereal to analyze traffic, consider using
windump/tcpdump to capture the traffic in binary format, then use Ethereal
to do the analysis afterward. This will allow you to grab whatever is of
interest efficiently and do the analysis at your convenience. You can use
BPF filters to specify what you want to grab, or just put the whole packet
in a file (or just the header) to do further analysis later.

Not that Ethereal is terribly resource intensive, but doing any analysis in
real-time can cause packet loss (if a single threaded process is writing to
disk when a packet comes in, something has to wait/drop-on-the-floor.)

If you *must* run it in real time, at least disable MAC, network and
transport resolution. 

Later,

Jim Hendrick
GCFW, GCIA, GCIH, GCWN




-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Zhuowei Li
Sent: Sunday, November 20, 2005 4:19 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] About the overhead of ethereal on server side


Hi, All,

Can you let me know the overall/average overhead of Ethereal, on the client
side or on the server side?

I want to parse the protocol tree on the server side (e.g., a webserver)
using Ethereal. The practical overhead of the protocol parse is critical
for the server performance if it acts as a firewall/proxy.

Thank you in advance.

Best,
Zhuowei
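
An added example, not part of the original messages or of the Ethereal project: a Python illustration of the capture-first, analyze-later workflow Jim describes, using the classic libpcap file layout that tcpdump writes. The frames, addresses and function names are constructed for illustration; it shows that a header-only capture (snap length 54) still stores each packet's original length, so per-flow byte counts remain available to the later analysis pass.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4    # classic libpcap file, microsecond timestamps
LINKTYPE_ETHERNET = 1

def build_frame(src, dst, sport, dport, payload_len):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + b"x" * payload_len

def write_pcap(frames, snaplen):
    """Serialise frames as a capture with snap length `snaplen` stores them."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]           # only the first snaplen bytes hit the disk
        out += struct.pack("<IIII", 1132500000 + i, 0, len(kept), len(frame)) + kept
    return out

def analyze(pcap):
    """Offline pass: on-the-wire bytes per TCP flow and count of truncated records."""
    magic, _, _, _, _, snaplen, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap file")
    flows, truncated, off = Counter(), 0, 24
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", pcap, off)
        data = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        truncated += incl_len < orig_len
        if len(data) < 34 or data[12:14] != b"\x08\x00" or data[23] != 6:
            continue                     # not IPv4/TCP, or too short to tell
        ihl = (data[14] & 0x0F) * 4
        if len(data) < 14 + ihl + 4:
            continue                     # snap length cut off the TCP ports
        sport, dport = struct.unpack_from("!HH", data, 14 + ihl)
        src = ".".join(map(str, data[26:30]))
        dst = ".".join(map(str, data[30:34]))
        flows[(src, sport, dst, dport)] += orig_len   # size seen on the wire
    return snaplen, truncated, dict(flows)

# Constructed sample traffic: two client flows to a web server at 192.0.2.10
FRAMES = [build_frame((198, 51, 100, 7), (192, 0, 2, 10), 40000, 80, n)
          for n in (0, 500, 1400)]
FRAMES.append(build_frame((198, 51, 100, 9), (192, 0, 2, 10), 40001, 80, 200))
HEADERS_ONLY = write_pcap(FRAMES, snaplen=54)   # 14 Ethernet + 20 IP + 20 TCP
```

A snap length shorter than the headers you need (for example 34, which ends before the TCP ports) leaves nothing to attribute traffic to, so choose it with the later analysis in mind.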
