Re: How much overhead does a Wireshark capture file contain ?

[Bill Meier <wmeier () newsguy com>]

Henry Meleg wrote:
> So I need to measure the traffic in bytes between two endpoints. If I
> set up Wireshark on a laptop whose interface is enabled for promiscuous
> mode and specify a capture filter between the source and destination IP
> addresses that I am interested in and capture to a file then will that
> file size be an accurate reflection of the traffic between the two
> endpoint.
>  
> Does Wireshark add any overhead to the capture file that I need to take
> into account by subtracting it from the captured file size to get a
> accurate traffic figure which I require to set up bandwidth management
> filters.
>  
> Can anybody help ?
>  

May I suggest using capinfos (a Wireshark tool) to get information about 
the capture file.

Example output from capinfos

File name:           [...]
File type:           NA Sniffer (Windows) 2.00x
File encapsulation:  Ethernet
Number of packets:   27796
File size:           3979202 bytes
Data size:           2867234 bytes
Capture duration:    55732 seconds
Start time:          Mon Nov 17 11:10:59 2003
End time:            Tue Nov 18 02:39:50 2003
Data byte rate:      51.45 bytes/sec
Data bit rate:       411.58 bits/sec
Average packet size: 103.15 bytes
Average packet rate: 0.50 packets/sec
SHA1:                042a82ca1d53abbfebff210d9a1eb7121bd531b2
RIPEMD160:           444e0a11404e2424d51ab3c915d9c684b06b721a
MD5:                 b044be576c4206885a4165eae3264d29


See the capinfos man page....

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe