|
Best is not to use wireshark at all for this.
Together with wireshark you have received dumpcap.exe (assuming windows). Use
dumpcap for this. Try limiting it to files of 100 megs each.
Try dumpcap --h for all the options.
Regards,
Dave
----- Original Message -----
Sent: Sunday, November 20, 2011 5:23
PM
Subject: [Wireshark-users] Sniffing1GigE
interfaces without laptop crashing
Hello Experts,
We work with our router/switch vendor
support and they ask for packet captures but a lot of our interfaces are GigE
and our laptops crash when we try to that?
What are our options and
ideas to optimize the laptop used so it can handle this kind of
traffic.
Some suggestions i
collected:
1) Go to Capture>Options on
wireshark
2) In the pop up window configure
the filter for the traffic you want to capture (using IP addresses for
example)
3) Select the ring buffer option and
increase it
4) Capture into a file and not to
memory
5) Capture into separate files and not just
one single big file
6) Pick the source of the
monitor session to be the VLAN or Physical port, whichever has less
traffic
7) Get a good laptop
:)
Thanks,
Kim
___________________________________________________________________________
Sent
via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:
http://www.wireshark.org/lists/wireshark-users
Unsubscribe:
https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
|