
Wireshark-users: [Wireshark-users] Tshark hardware requirements to capture all network traffic?



From: "Ed Flecko" <edflecko@xxxxxxxxx>
Date: Mon, 5 May 2008 14:19:56 -0700

Hi folks,
I have a small network of about 30 PCs. I'd like to capture all
network traffic coming in and going out, but I'm not sure if tshark
(or any sniffer for that matter) can keep up with the traffic?
Comments?

I think tshark is the best way to go, because it has less overhead
than the full Wireshark.

If it is possible for the sniffer and the host box to keep up with all
of the traffic from 30 boxes, I'll use port spanning to capture the
incoming connection at the switch and mirror it to the "capture box".

1.) If I build a box specifically for this purpose (I'll use *nix of
some type), what hardware requirements would the capture place the
most demand on?
2.) What hardware performance would I most want to monitor (memory,
CPU, etc.) to look for bottlenecks?

Thanks,
Ed
