No problem, that does answer my question and thanks, now I know so won't keep trying to find a way.
I mostly have linux servers with a handful of win machines.
Mike
On Sun, 16 May 2010 18:43:15 -0700, M Holt wrote:
> My apologies; I suppose I did not really answer your question.
>
> So, I don't know of a way to monitor only, without saving a capture --
> unless you are just going to watch via wireshark live.
> That is to say, fire up wireshark or tshark, and just watch the packets go.
>
> If you are on a *nix client, just use tcpdump.
>
> Dumpcap is quit a bit easier on resources, because it does not load display
> filters, so it can be used somewhat more discreetly.
>
> I think I understand what you are saying, but I don't know of any other way
> to view packets on the fly without saving them for later viewing.
> The "quick view of what's going on", would be either wireshark, tshark or
> tcpdump, live without saving the packets anywhere.
>
> Hope that helps.
>
> -- Mike
>
> On Sun, May 16, 2010 at 6:28 PM, mike@xxxxxxxxxxxx <mike@xxxxxxxxxxxx>
> wrote:
>> Sometimes, I just want to get a quick view of what's going on so monitor
>> for a while but the logging is what seems to use up all of the system
>> resources after a while.
>>
>>
>> On Sat, 15 May 2010 12:16:06 -0700, M Holt wrote:
>>> Can you just use dumpcap with a ring buffer? Then stop the capture once
>>> the event you are looking for is seen:
>>>
>>> http://www.wireshark.org/docs/man-pages/dumpcap.html
>>>
>>> On Sat, May 15, 2010 at 10:02 AM, mike@xxxxxxxxxxxx <mike@xxxxxxxxxxxx>
>>> wrote:
>>>> Any way of monitoring only, without a capture, until I need to
>>>> capture?
>>>>
>>>> ___________________________________________________________________________
>>>> Sent via: Wireshark-users mailing list <wireshark-
>>>> users@xxxxxxxxxxxxx>
>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>> mailto:wireshark-users-
>>>> request@xxxxxxxxxxxxx?subject=unsubscribe
>>>
>>
>>> #avg_ls_inline_popup { position:absolute; z-index:9999; padding: 0px
>>> 0px;
>>> margin-left: 0px; margin-top: 0px; width: 240px; overflow: hidden; word-
>>> wrap: break-word; color: black; font-size: 10px; text-align: left; line-
>>> height: 13px;}
>>
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives: http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> mailto:wireshark-users-
>> request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
> #avg_ls_inline_popup { position:absolute; z-index:9999; padding: 0px 0px;
> margin-left: 0px; margin-top: 0px; width: 240px; overflow: hidden; word-
> wrap: break-word; color: black; font-size: 10px; text-align: left; line-
> height: 13px;}
