Oh, yeah... one week is a killer... I've run for just an hour at a customer
we didn't hit a snag.
Wouldn't it be best if tshark stopped saving the packets once the statistic
is obtained for the timeframe?
Laura
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Friday, August 09, 2013 8:16 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Need to record bandwidth used by branch
office VPN tunnels
On 9 aug 2013, at 03:05, Laura Chappell wrote:
> Consider using tshark (command-line tool) with the following parameters
perhaps.
>
> tshark -q -z
io,stat,3000,ip.addr==192.168.1.0/24,ip.addr==192.168.2.0/24,ip.addr==192.16
8.3.0/24 > mystats.txt
>
> No packets are saved during this process - you're only getting statistics.
Laura, this is not entirely true. As tshark uses dumpcap to capture the
traffic, dumpcap will save all the packets in a temporary file from which
tshark will read. To monitor the traffic for a week in this manner will
most likely result in a) an out-of-memory error due to the fact that tshark
keeps information about each conversation and b) a disk filling up with
packet data.
Cheers,
Sake
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe