Wireshark-users: Re: [Wireshark-users] How much overhead does a Wireshark capture file contain ?

From: "Henry Meleg" <hmeleg@xxxxxxxxxx>
Date: Thu, 11 Feb 2010 16:10:14 -0000
Thanks for that 


Regards,
 
Henry 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jeff Morriss
Sent: 11 February 2010 15:18
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] How much overhead does a Wireshark
capture file contain ?

Henry Meleg wrote:
> So I need to measure the traffic in bytes between two endpoints. If I 
> set up Wireshark on a laptop whose interface is enabled for 
> promiscuous mode and specify a capture filter between the source and 
> destination IP addresses that I am interested in and capture to a file

> then will that file size be an accurate reflection of the traffic
between the two endpoint.
>  
> Does Wireshark add any overhead to the capture file that I need to 
> take into account by subtracting it from the captured file size to get

> a accurate traffic figure which I require to set up bandwidth 
> management filters.

The PCAP file format has both a per-file header and a per-packet header.

  For details, see:

http://wiki.wireshark.org/Development/LibpcapFileFormat
________________________________________________________________________
___
Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe