-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Amit Paliwal wrote:
> I am not using tshark, i am using wireshark........
>
> is not it safe in the scenario i explained
I wouldn't use a Wireshark display filter in a packet capture when the
requirement was such that I couldn't afford dropped packets.
You could use dumpcap which comes with recent Wireshark distributions
instead:
dumpcap -i \Device\NPF_{52EFAA93-34C5-4F7E-80AE-638A48E3F1BD} -f "udp
and port 137"
The probability of dropped packets is based on the amount of traffic you
are capturing, the resources of your OS and the amount of processes
competing for system resources. If Wireshark works OK for you in
testing, then go with it! :)
- -Josh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iQIVAwUBRoj3tzWX3FIa1TkuAQI7mBAAmJ1M8gwD1VKtbotnh8wps0c5Y9kbeUFa
ckR9IpqpN1kwJdLwA1Jg26I3wXQIglWAigyHGVVbEaJjoK+Kuc/Pw8sQJPuGgyqv
8thiHuXv80oZqEdVQUzJKUcoyNmrLlYtDkdQ1JGbA6C4kNqaB2mvjEONK06wdift
C621yetxjSM0gkdS/899Zg/SuVWKul2ZJccax0zcjM62GXC8Dn8lxCmL9w2lzwWm
2hG2DYqRQ8KubzHXMBeGRCsKkx6unstksAUabJKjjMcBy5td5pO8DMljwMcavebL
DlfqZU/uXO255ckRwfpWNlzs4SLjdtiYj/YdG90dNeydRy2VZLOHLeEAeHrRZsSq
DHI8xkzwp5aJ9qFpXB4TG69WlxfGg0kGNumNhmqNp3IkSS2yzZ+ORq6cHRiDK6yw
7goU+7RCYpaNcrucPE9NlF/izGqZ1zRk8gPJbzFF6kyQtmWF1enMxXsxFMJvBP6+
BoTp2f4vEokiqcW33PDseM0jANiss+OSMLmLFo+vkQKg8NvgnRqZDYSQ6Due6yyk
QhYTDO06RchV/qqPqFsVKNsnUobdcaNJ6QpweZJRwmt+8rM2n1JbTNl6GV6qx2qf
MahnrclQ9rN3tycHRkwDm0PDC2USXaaQKThXlRll4rfJdjkTJ3O1cBiRYNoDkMgK
8q9Ukft4aBY=
=wBlY
-----END PGP SIGNATURE-----
