Re: Monitoring

["mike () grounded net" <mike () grounded net>]

No problem, that does answer my question and thanks, now I know so won't keep trying to find a way.
I mostly have linux servers with a handful of win machines.

Mike


On Sun, 16 May 2010 18:43:15 -0700, M Holt wrote:
>  My apologies; I suppose I did not really answer your question.
>  
>  So, I don't know of a way to monitor only, without saving a capture --
>  unless you are just going to watch via wireshark live.
>  That is to say, fire up wireshark or tshark, and just watch the packets go.
>  
>  If you are on a *nix client, just use tcpdump.
>  
>  Dumpcap is quit a bit easier on resources, because it does not load display
>  filters, so it can be used somewhat more discreetly.
>  
>  I think I understand what you are saying, but I don't know of any other way
>  to view packets on the fly without saving them for later viewing.
>  The "quick view of what's going on", would be either wireshark, tshark or
>  tcpdump, live without saving the packets anywhere.
>  
>  Hope that helps.
>  
>  -- Mike
>  
>  On Sun, May 16, 2010 at 6:28 PM, mike () grounded net <mike () grounded net> 
>  wrote:
> >  Sometimes, I just want to get a quick view of what's going on so monitor
> >  for a while but the logging is what seems to use up all of the system
> >  resources after a while.
> >  
> >  
> >  On Sat, 15 May 2010 12:16:06 -0700, M Holt wrote:
> > >  Can you just use dumpcap with a ring buffer?  Then stop the capture once
> > >  the event you are looking for is seen:
> > >  
> > >  http://www.wireshark.org/docs/man-pages/dumpcap.html
> > >  
> > >  On Sat, May 15, 2010 at 10:02 AM, mike () grounded net <mike () grounded net> 
> > >  wrote:
> > > >  Any way of monitoring only, without a capture, until I need to
> > > >  capture?
> > > >  
> > > >  ___________________________________________________________________________
> > > >  Sent via:    Wireshark-users mailing list <wireshark-
> > > >  users () wireshark org>
> > > >  Archives:    http://www.wireshark.org/lists/wireshark-users
> > > >  Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> > > >             mailto:wireshark-users-
> > > >  request () wireshark org?subject=unsubscribe
> > >  
> >  
> > >  #avg_ls_inline_popup { position:absolute; z-index:9999; padding: 0px
> > >  0px;
> > >  margin-left: 0px; margin-top: 0px; width: 240px; overflow: hidden; word-
> > >  wrap: break-word; color: black; font-size: 10px; text-align: left; line-
> > >  height: 13px;}
> >  
> >  
> >  ___________________________________________________________________________
> >  Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> >  Archives:    http://www.wireshark.org/lists/wireshark-users
> >  Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >             mailto:wireshark-users-
> >  request () wireshark org?subject=unsubscribe
>  
>  
>  #avg_ls_inline_popup { position:absolute; z-index:9999; padding: 0px 0px;
>  margin-left: 0px; margin-top: 0px; width: 240px; overflow: hidden; word-
>  wrap: break-word; color: black; font-size: 10px; text-align: left; line-
>  height: 13px;}


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe