> My suggestion/comment was based upon the notion that the bulk of the
> resources responsible for ultimately grinding a system to a halt are
> consumed not by the act of capturing, but by the act of analyzing a given
> packet/set of packets to provide the "what's going on" information (an
> action which I'm informally equating with the term "decoding"). If this is
Don't know, I only know that on a 4GB memory server, it eventually tells me it is out of memory and Wireshark dies. That's if I just leave it running while going off on something else.
> in fact accurate, this would be the wrong tool to implement in an attempt
> to provide insight without consuming resources.
I understand, just wondered if there was an option to monitor without capturing.