Thanks everyone for responding.
By crash, I meant Wireshark itself failing, which stops the capture.
Point well taken, a CLI tool would be best (tcpdump in that case). Any other suggestions to improve the performance when a lot of traffic is captured?
One more question: in cases where we are capturing and waiting for an event to happen (a specific packet, for example), what are the best practices? I am afraid memory would be consumed and the operating system might act up and maybe crash, so what would be the best parameters in terms of rotation files, ring buffer size, etc.?
Thanks,
Kim
On Mon, Nov 21, 2011 at 6:12 AM, Kevin Cullimore
<kcullimo@xxxxxxxxxx> wrote:
On 11/20/2011 5:35 PM, Guy Harris wrote:
On Nov 20, 2011, at 2:15 PM, Kevin Cullimore wrote:
In either case, no reason NOT to use dumpcap/tcpdump/windump for these purposes . . .
As long as it's "capture and then look at it later" (which is probably the case if you're capturing full-on GigE), yes.
Fair enough. It's been a while since I've dealt with a "non-look-at-it-later" scenario.
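Kim's question above about rotation files and ring-buffer size, worked through as an added shell example that is not from this thread or from the Wireshark project. It assumes dumpcap is installed and uses its real -i/-s/-b/-w/-f options; the interface name, file prefix, disk budget and the 96-byte snaplen are assumptions to adjust.

```shell
#!/bin/sh
# Bounded ring-buffer capture with dumpcap. Disk use is capped at
# files * filesize, and memory stays flat because dumpcap writes straight
# to disk instead of holding packets in the Wireshark GUI's memory.

# Number of ring files for a disk budget (MB) and per-file size (MB).
# dumpcap needs at least two files to rotate, so never return fewer.
ring_files() {
    budget_mb=$1; file_mb=$2
    [ "$file_mb" -gt 0 ] || return 1
    n=$((budget_mb / file_mb))
    [ "$n" -ge 2 ] || n=2
    echo "$n"
}

# Succeed only if DIR has at least NEED_MB free (POSIX df -Pk, KiB units).
have_space() {
    dir=$1; need_mb=$2
    avail_kb=$(df -Pk "$dir" 2>/dev/null | awk 'NR==2 {print $4}')
    [ -n "$avail_kb" ] && [ "$avail_kb" -ge $((need_mb * 1024)) ]
}

# Print the dumpcap command line for a capped ring buffer. -s 96 (an
# assumption) keeps headers only, cutting disk use and drop rate; raise it if
# the awaited event needs payload. -f is a kernel BPF filter, so it also cuts
# what must be written.
ring_capture_cmd() {
    iface=$1; prefix=$2; budget_mb=$3; file_mb=$4; filter=$5
    n=$(ring_files "$budget_mb" "$file_mb") || return 1
    printf 'dumpcap -i %s -s 96 -b filesize:%s -b files:%s -w %s.pcapng' \
        "$iface" $((file_mb * 1024)) "$n" "$prefix"
    if [ -n "$filter" ]; then printf ' -f "%s"' "$filter"; fi
    printf '\n'
}

# Check the budget against free space, then start the capture in the
# background and record its PID so an operator can stop it once the
# awaited packet shows up (e.g. kill "$(cat "$prefix.pid")").
run_capture() {
    iface=$1; prefix=$2; budget_mb=$3; file_mb=$4; filter=$5
    have_space "$(dirname "$prefix")" "$budget_mb" || {
        echo "not enough free space for a ${budget_mb} MB ring buffer" >&2
        return 1
    }
    cmd=$(ring_capture_cmd "$iface" "$prefix" "$budget_mb" "$file_mb" "$filter") || return 1
    echo "starting: $cmd"
    eval "$cmd" &
    echo $! > "$prefix.pid"
}
# Example call (not run here): run_capture eth0 /var/tmp/cap 2000 100 'tcp port 443'
```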