Hi folks,
I have a small network of about 30 PCs. I'd like to capture all
network traffic coming in and going out, but I'm not sure if tshark
(or any sniffer for that matter) can keep up with the traffic?
Comments?
I think tshark is the best way to go, because it has less overhead
than the full Wireshark.
If it is possible for the sniffer and the host box to keep up with all
of the traffic from 30 boxes, I'll use port spanning to capture the
incoming connection at the switch and mirror it to the "capture box".
1 ) If I build a box specifically for this purpose (I'll use *nix of
some type), what hardware requirements would the capture place the
most demand on?
2.) What hardware performance would I most want to monitor (memory,
CPU, etc.) to look for bottlenecks?
Thanks,
Ed