On 1/15/10, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Jan 14, 2010, at 2:57 AM, Hrishikesh Murali wrote:
>
> > On Thu, Jan 14, 2010 at 5:20 AM, Dai Nish <dai_nish@xxxxxxxxxxx> wrote:
> >
> >> Please advise me how you could start Wireshark automatically and use it to monitor network traffic at each boot-up.
> >
> > Just add the line "wireshark&" to /etc/rc.local
>
> ...if you're running on a UN*X with an /etc/rc.local. That obviously won't help on Windows.
>
> Note that the X server must be running *before* Wireshark is started, as it's an X11-based application on UN*X.
>
> As others have noted, it's not clear that Wireshark - or even the non-GUI TShark - would be the right tool for this purpose. If somebody wants to record network *usage*, even running dumpcap or "tcpdump -w" might be overkill - capturing traffic won't just give them the amount of network traffic, it'll give you the full *contents* of the network traffic, so if they use, for example, 250GB/month of network traffic, capturing that traffic will consume at least 250GB/month of disk space....
The below link conveys some good ways to dump and analyze netwrok traffic.
http://www.wireshark.org/docs/man-pages/tshark.html .
But, If running 'dumpcap' or 'tcpdump -w' is a overkill for capturing
the full contents of network traffic and if it is not a good idea to
use "tshark", the "-z io,stat" option (and redirect output to a file),
what could be the best alternative during this scenario ?
Should we need to go in for some kind of file compression by using
external file compression tools ?
Is there a format of logging provided by wireshark that would consume
very less space ?
Thx in advans,
Karthik Balaguru