On Jan 13, 2009, at 9:52 PM, Condor Kim wrote:
i notice lately that if i am downloading or uploading (via ftp) a
large file, like a video, wireshark will show only the packets of
the downloading or uploading. if i happen to visit some webpages
while downloading or uploading, the traffic for visiting these
webpages won't register or show at all in my wireshark. is this
normal? does wireshark drop other packets when it's too busy with
one connection?
Wireshark - or, more correctly, the packet capture mechanism used by
libpcap/WinPcap - doesn't know about connections, so it won't drop
packets from other connections if there's too much traffic on one
connection, it could drop some packets from the connection itself, not
just packets not from that connection, and it won't necessarily drop
packets not from that connection.
So it *is* possible that, if you have a lot of network traffic going
to and from your machine, some packets will be dropped. As Jaap
Keuter said, check the status bar while you're capturing; it could
(depending on the OS on which you're running, and the version of that
OS, as that controls whether libpcap/WinPcap can determine whether
packets were dropped) indicate how many packets were dropped by the
capture Wireshark is doing.