Wireshark · Wireshark-users: Re: [Wireshark-users] Buffers size, ring buffer and multiple files

Wireshark-users: Re: [Wireshark-users] Buffers size, ring buffer and multiple files

From: "Hans Nilsson" <hasse_gg@xxxxxxxx>

Date: Thu, 18 Jan 2007 12:00:21 -1100

Didn't someone on this list say that Wireshark isn't primarily a
capturing tool for capturing massive amounts of data, it's more on an
protocol analyzer? So maybe try saving the data with another tool and
the reviewing it in Wireshark.


On Thu, 18 Jan 2007 12:41:09 -0800, "Chet Seligman"
<cseligman@xxxxxxxxxxxxx> said:
> When I want to capture  a very large amount of traffic, I usually set up
> for
> multiple files(10-20), buffer size of 64meg, new file every 64meg and
> ring
> buffer of up to 10 files.
> 
> Is this the best configuration?
> Does anyone have rules of thumb?
> 
> Occasionally WS crashes in extended captures, even with much smaller
> parameters.
> 
> Chet
-- 
  Hans Nilsson
  hasse_gg@xxxxxxxx

-- 
http://www.fastmail.fm - Same, same, but different

Follow-Ups:
- Re: [Wireshark-users] Buffers size, ring buffer and multiple files
  - From: Danielson, Graeme

References:
- [Wireshark-users] Buffers size, ring buffer and multiple files
  - From: Chet Seligman

Prev by Date: Re: [Wireshark-users] Help on tcpdump or dumpcap
Next by Date: Re: [Wireshark-users] Help on tcpdump or dumpcap
Previous by thread: [Wireshark-users] Buffers size, ring buffer and multiple files
Next by thread: Re: [Wireshark-users] Buffers size, ring buffer and multiple files
Index(es):
- Date
- Thread