On Mon, 23 Nov 2009 17:32:29 -0500, Irene T Nguyen <inguyen3@xxxxxxx>
wrote:
> I had a couple questions about Wireshark.
>
> 1. Is it backwards compatible?
> 2. How much data can be captured at one time?
>
> Thank you,
> -Irene
Hi,
1. Backwards compatible with what?
Option: Ethereal(R)? Yes, it's a continuation of Ethereal(R) under a new
name.
Option: Can it still read old capture files? Yes, capture file support is
even extended.
Option: Can it still load my plugins? No, the plugin API/ABI is not
guaranteed across versions. You'll have to recompile.
Option: If it's another compatibility option, please specify which.
2. The amount of data which can be captured very much depends on the
nature of the data.
During the capture, Wireshark immediately dissects this data, resulting in
ever growing memory use. It's the memory use which limits your long term
capture. If you need long term capture, please use dumpcap. If you need to
analyze very large captures, use tools like Pilot.
Thanks,
Jaap
