Wireshark mailing list archives

Re: how to start Wireshark automatically at each boot-up?


From: Karthik Balaguru <karthikbalaguru79 () gmail com>
Date: Fri, 15 Jan 2010 16:02:18 +0530

On 1/15/10, Guy Harris <guy () alum mit edu> wrote:

On Jan 14, 2010, at 2:57 AM, Hrishikesh Murali wrote:

On Thu, Jan 14, 2010 at 5:20 AM, Dai Nish <dai_nish () yahoo co nz> wrote:

Please advise me how you could start Wireshark automatically and use it to monitor network traffic at each boot-up.

Just add the line "wireshark&" to /etc/rc.local

...if you're running on a UN*X with an /etc/rc.local.  That obviously won't help on Windows.

Note that the X server must be running *before* Wireshark is started, as it's an X11-based application on UN*X.

As others have noted, it's not clear that Wireshark - or even the non-GUI TShark - would be the right tool for this 
purpose.  If somebody wants to record network *usage*, even running dumpcap or "tcpdump -w" might be overkill - 
capturing traffic won't just give them the amount of network traffic, it'll give you the full *contents* of the 
network traffic, so if they use, for example, 250GB/month of network traffic, capturing that traffic will consume at 
least 250GB/month of disk space....

The below link conveys some good ways to dump and analyze network traffic.
http://www.wireshark.org/docs/man-pages/tshark.html
But, if running 'dumpcap' or 'tcpdump -w' is an overkill for capturing
the full contents of network traffic and if it is not a good idea to
use "tshark", the "-z io,stat" option (and redirect output to a file),
what could be the best alternative during this scenario?

Should we need to go in for some kind of file compression by using
external file compression tools?

Is there a format of logging provided by Wireshark that would consume
very little space?

Thx in advance,
Karthik Balaguru
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users