If you want to run Ethereal to analyze traffic, consider using
windump/tcpdump to capture the traffic in binary format, then use Ethereal
to do the analysis afterward. This will allow you to grab whatever is of
interest efficiently and do the analysis at your convenience. You can use
BPF filters to specify what you want to grab, or just put the whole packet
in a file (or just the header) to do further analysis later.

Not that Ethereal is terribly resource-intensive, but doing any analysis in
real time can cause packet loss (if a single-threaded process is writing to
disk when a packet comes in, something has to wait/drop-on-the-floor).

If you *must* run it in real time, at least disable MAC, network and
transport resolution.

Later,
Jim Hendrick
GCFW, GCIA, GCIH, GCWN

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Zhuowei Li
Sent: Sunday, November 20, 2005 4:19 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] About the overhead of ethereal on server side

Hi, All,

Can you let me know the overall/average overhead of Ethereal, on the client
side or on the server side?

I want to parse the protocol tree on the server side (e.g., a webserver)
using Ethereal. The practical overhead of the protocol parsing is critical
for the server performance if it acts as a firewall/proxy.

Thank you in advance.

Best,
Zhuowei
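
The reply above suggests capturing only headers to a binary file and analyzing later. As an added example that is not part of the original thread, this Python code builds a constructed capture in the classic libpcap file layout with a 54-byte snap length, then tallies wire bytes per TCP flow offline from the truncated records. The packets, addresses and function names are assumptions made for illustration.

```python
import struct, socket
from collections import Counter

SNAPLEN = 54  # Ethernet (14) + IPv4 (20) + TCP (20) headers only

def build_packet(src, dst, sport, dport, payload_len):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero)."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + b"A" * payload_len

def write_pcap(packets, snaplen=SNAPLEN):
    """Serialize packets as a little-endian pcap file, truncating to snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    for ts, pkt in enumerate(packets):
        data = pkt[:snaplen]
        out += struct.pack("<IIII", ts, 0, len(data), len(pkt)) + data
    return out

def flow_bytes(pcap):
    """Offline pass: sum original wire bytes per TCP flow from header-only records."""
    magic, _, _, _, _, snaplen, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian Ethernet pcap")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        _, _, caplen, origlen = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP, or too short to tell
        ihl = (frame[14] & 0x0F) * 4
        if len(frame) < 14 + ihl + 4:
            continue  # snap length cut off the TCP ports
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        flows[(src, sport, dst, dport)] += origlen  # origlen survives truncation
    return snaplen, dict(flows)

SAMPLE = write_pcap([  # constructed traffic using documentation addresses
    build_packet("192.0.2.10", "198.51.100.5", 40000, 80, 300),
    build_packet("198.51.100.5", "192.0.2.10", 80, 40000, 1400),
    build_packet("192.0.2.10", "198.51.100.5", 40000, 80, 0),
])

if __name__ == "__main__":
    print(flow_bytes(SAMPLE))
```

Each record keeps the original on-wire length next to the captured length, so per-flow byte counts stay exact even though the payload was never written to disk.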