Hi,
He actually means dumpcap. Tshark, also a commandline tool, will do dissection as well, something you want to avoid in long term capture.
You do want to use multiple files though, to keep things manageable.
Thanks, Jaap
The best way I know is to set up a constant capture using Tshark
where it is running and saves capture files. Then when you are notified,
you can go back to that capture file and see what is going on.
Terry Martin
VP of Operation
TimeData Corporation
Phone: 503-678.2224
Cell: 503.318.8909
I am a new user to Wireshark. I have this problem where my
network experiences a surge in traffic, but by the time I get to the
protocol analyzer the data is gone. What is the best way to capture this
window with Wireshark?
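The setup discussed in this thread (dumpcap writing multiple files, then going back to the file covering the surge) can be sketched as follows; this is an added example, not part of the original messages. The interface name, capture directory, `surge` file prefix, rotation sizes and the function names are assumptions.

```shell
#!/bin/sh
# Added example: continuous ring-buffer capture with dumpcap, plus a helper
# that finds the capture file covering the time of an alert.
CAP_DIR="${CAP_DIR:-/var/tmp/surge-capture}"   # assumed capture directory
CAP_IFACE="${CAP_IFACE:-eth0}"                 # assumed interface name

# Arguments for dumpcap: start a new file every 300 s or 102400 kB,
# whichever comes first, and keep at most 288 files so disk use is bounded.
capture_args() {
    printf '%s ' -q -i "$CAP_IFACE" \
        -b duration:300 -b filesize:102400 -b files:288 \
        -w "$CAP_DIR/surge.pcapng"
}

# Run the capture in the foreground (needs capture privileges).
start_capture() {
    mkdir -p "$CAP_DIR" && dumpcap $(capture_args)
}

# With -b, dumpcap names files <prefix>_<NNNNN>_<YYYYMMDDHHMMSS>.<ext>,
# where the timestamp is when the file was started. Given an alert time in
# the same 14-digit form, print the file that was being written then:
# the newest file whose start time is not after the alert time.
# Returns non-zero if the alert predates every file still in the ring.
file_for_time() {
    dir=$1 when=$2
    for f in "$dir"/*_[0-9]*_[0-9]*.pcapng; do
        [ -e "$f" ] || continue
        stamp=${f##*_}
        stamp=${stamp%.pcapng}
        printf '%s %s\n' "$stamp" "$f"
    done | sort | awk -v when="$when" '
        $1 <= when { best = substr($0, length($1) + 2) }
        END { if (best != "") print best; else exit 1 }'
}

# Usage: script start | script find YYYYMMDDHHMMSS
case "${1:-}" in
    start) start_capture ;;
    find)  file_for_time "$CAP_DIR" "$2" ;;
esac
```

The file printed by `find` can then be opened in Wireshark for dissection, which keeps the dissection cost out of the long-running capture.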