Wireshark-users: Re: [Wireshark-users] Monitoring
From: "mike@xxxxxxxxxxxx" <mike@xxxxxxxxxxxx>
Date: Wed, 19 May 2010 13:22:49 -0500
Yes, I use a lot of tools, ntop, iftop, lots of tops :). I also use ossim which is incredibly comprehensive but every tool has its use. Sometimes, just watching the packets using wireshark helps, plus I just happen to be at that station so end up using it.

No big deal but would have been nice if it had a monitor feature which doesn't capture, perhaps even has a little selectable delay setting so that things don't go by so quickly.

Mike

On Sun, 16 May 2010 21:55:46 -0400, Kevin Cullimore wrote:
> On 5/16/2010 9:28 PM, mike@xxxxxxxxxxxx wrote:
>> Sometimes, I just want to get a quick view of what's going on so monitor
>> for a while but the logging is what seems to use up all of the system
>> resources after a while.
>>
> A different tool might provide you with a decent ongoing overview of
> network activity. When customers are interested in this functionality, I
> have them run NTOP, and instruct them to turn up a machine running
> wireshark when they feel the need to drill down to byte/bit-level details.
>> On Sat, 15 May 2010 12:16:06 -0700, M Holt wrote:
>>
>>> Can you just use dumpcap with a ring buffer? Then stop the capture once
>>> the event you are looking for is seen:
>>>
>>> http://www.wireshark.org/docs/man-pages/dumpcap.html
>>>
>>> On Sat, May 15, 2010 at 10:02 AM, mike@xxxxxxxxxxxx <mike@xxxxxxxxxxxx>
>>> wrote:
>>>
>>>> Any way of monitoring only, without a capture, until I need to
>>>> capture?
>>>>
>>>> ___________________________________________________________________________
>>>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
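
The dumpcap ring buffer approach suggested in the thread, sketched as an added example that is not part of any poster's message. The interface name, output path, file size and file count are assumed values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: rolling capture with dumpcap's ring buffer, stopped on demand.
# IFACE, OUT, FILE_KB and FILES are assumed values; adjust them for your host.
IFACE="${IFACE:-eth0}"
OUT="${OUT:-/tmp/ring.pcap}"
FILE_KB="${FILE_KB:-10240}"   # rotate after about 10 MB (-b filesize is in kB)
FILES="${FILES:-5}"           # keep at most 5 files; the oldest is overwritten

# Build the dumpcap argument list for a ring buffer capture.
ring_args() {
    printf '%s' "-q -i $1 -b filesize:$2 -b files:$3 -w $4"
}

# Worst-case disk use in kB: the ring never holds more than FILES files.
ring_max_kb() {
    echo $(( $1 * $2 ))
}

# Start the capture in the background and remember its PID.
start_ring() {
    # Word splitting of the argument list is intended here.
    dumpcap $(ring_args "$IFACE" "$FILE_KB" "$FILES" "$OUT") &
    RING_PID=$!
    echo "capturing on $IFACE, disk bound $(ring_max_kb "$FILE_KB" "$FILES") kB"
}

# Stop once the event has been seen; the newest files hold the traffic
# around it. dumpcap names ring files <base>_<number>_<timestamp>.<ext>.
stop_ring() {
    kill -INT "$RING_PID" && wait "$RING_PID"
    ls -1t "${OUT%.*}"_* 2>/dev/null
}

# Capture only when explicitly asked, so sourcing this file has no side effects.
if [ "${1:-}" = "run" ]; then
    start_ring
    printf 'Press Enter when the event has been seen: '
    read -r _
    stop_ring
fi
```

Invoked with the argument `run`, the script captures until Enter is pressed and then lists the retained files, newest first, which can be opened in Wireshark.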