Wireshark-users: Re: [Wireshark-users] Wireshark-users Digest, Vol 31, Issue 13

From: "Ioannis Kiriazis XI" <ioannis.xi.kiriazis@xxxxxxxxxxxx>
Date: Mon, 8 Dec 2008 09:18:28 +0100
 
Hi Santino,

Below you can find my answers.

Regards,
Ioannis

 

 

Ioannis Kiriazis  

Support Services Engineer Back Office Core & Switching 


CDN Team

 

Ericsson Telecommunicatie B.V.

Regional Operations Center Rijen
Ericssonstraat 2
5121 ML, Rijen, Netherlands
www.ericsson.com

Office: +31 16 124 2766
Fax: +31 16 124 9239
Mobile: +31 62 671 0057
Email: ioannis.xi.kiriazis@xxxxxxxxxxxx



This communication is confidential and intended solely for the
addressee(s). Any unauthorized review, use, disclosure or distribution
is prohibited. If you believe this message has been sent to you in
error, please notify the sender by replying to this transmission and
delete the message without disclosing it. Thank you.

E-mail including attachments is susceptible to data corruption,
interception, unauthorized amendment, tampering and viruses, and we only
send and receive emails on the basis that we are not liable for any such
corruption, interception, amendment, tampering or viruses or any
consequences thereof.


------------------------------

>Message: 2
>Date: Sat, 06 Dec 2008 10:28:21 -0600
>From: "Santino Robles" <Santino.Robles@xxxxxxxxxxx>
>Subject: [Wireshark-users] Default save location, memory limitation,
>	preserve vlan tags
>To: <wireshark-users@xxxxxxxxxxxxx>
>Message-ID: <493A53C5020000D200051AF7@xxxxxxxxxxxxxxxxxx>
>Content-Type: text/plain; charset=US-ASCII

>I have 3 questions 

>1)  	How do I change the default save directory from c:\docu~\a\temp
?  My c drive is very low >on space and I need to change this save
location to my d drive where I have more space. 

I believe my answer below covers this question also.

>2)  	How can I get wireshark to not stop capturing after RAM runs out
?  Thing is the captures >I am running are generating about 1gb of
capture file size for every 2 minutes of capture and > >then after about
2 minutes it tells me wireshark is out of memory and is about to close
but the >capture is automatically saved at that location.  Ideally I
would like to be able to capture >>>for about 20 minutes at a time 

You can go to Capture --> Options and then define in the Capture File(s)
part
To have continious capture files. There you can also define where the
files will be saved
And the criteria to close  a file and open a new one.
If you are not interested in watching live the packets you capture I
would recommend you to use Tshark or Dumpcap (depending your needs).
Info on those Command line tools can be found in 
The Wireshark install folder :-) The both consume a lot less CPU and RAM
memory comparing to Wireshark.


>3)	How can I preserve vlan tags when capturing ?  I already
downloaded the intel driver, as >>well as edited my registry as per
intel's intructions but it still strips the vlan tags.

No idea :-(

>I am running wireshark 1.0.4 latest release downloaded this week on a
compaq 8510p laptop with >2gb ram.


>Thanks people

>Santino