Henry Meleg wrote:
So I need to measure the traffic in bytes between two endpoints. If I
set up Wireshark on a laptop whose interface is enabled for promiscuous
mode and specify a capture filter between the source and destination IP
addresses that I am interested in and capture to a file then will that
file size be an accurate reflection of the traffic between the two endpoint.
Does Wireshark add any overhead to the capture file that I need to take
into account by subtracting it from the captured file size to get a
accurate traffic figure which I require to set up bandwidth management
filters.
The PCAP file format has both a per-file header and a per-packet header.
For details, see:
http://wiki.wireshark.org/Development/LibpcapFileFormat