On Wed, Dec 19, 2007 at 12:05:13PM +0800, Halim Wijaya wrote:
> Is Wireshark able to capture Gigabit traffic at full speed without
> dropping any packets?
In theory it is possible if you have a fast enough computer. I've never
tried it myself, but here are some tips to get Wireshark to run faster:
http://wiki.wireshark.org/Performance
However, you're probably better off running dumpcap (a command-line
program that comes with Wireshark). Dumpcap's entire purpose is to
capture packets as fast as possible without interpreting them; in fact,
it's the back-end capture mechanism that Wireshark uses. Dumpcap lets
you save the traffic to a file and then you can read it in with
Wireshark later.
Steve