Wireshark mailing list archives
Re: Monitoring
From: Kevin Cullimore <kcullimo () runbox com>
Date: Wed, 19 May 2010 21:44:29 -0400
My suggestion/comment was based upon the notion that the bulk of the resources responsible for ultimately grinding a system to a halt are consumed not by the act of capturing, but by the act of analyzing a given packet/set of packets to provide the "what's going on" information (an action which I'm informally equating with the term "decoding"). If this is in fact accurate, this would be the wrong tool to implement in an attempt to provide insight without consuming resources.

On 5/19/2010 2:22 PM, mike () grounded net wrote:

Yes, I use a lot of tools, ntop, iftop, lots of tops :). I also use ossim which is incredibly comprehensive but every tool has its use. Sometimes, just watching the packets using wireshark helps plus, I just happen to be at that station so end up using it. No big deal but would have been nice if it had a monitor feature which doesn't capture, perhaps even has a little selectable delay setting so that things don't go by so quickly.

Mike

On Sun, 16 May 2010 21:55:46 -0400, Kevin Cullimore wrote:

On 5/16/2010 9:28 PM, mike () grounded net wrote:

Sometimes, I just want to get a quick view of what's going on so monitor for a while but the logging is what seems to use up all of the system resources after a while.

A different tool might provide you with a decent ongoing overview of network activity. When customers are interested in this functionality, I have them run NTOP, and instruct them to turn up a machine running wireshark when they feel the need to drill down to byte/bit-level details.

On Sat, 15 May 2010 12:16:06 -0700, M Holt wrote:

Can you just use dumpcap with a ring buffer? Then stop the capture once the event you are looking for is seen:
http://www.wireshark.org/docs/man-pages/dumpcap.html

On Sat, May 15, 2010 at 10:02 AM, mike () grounded net <mike () grounded net> wrote:

Any way of monitoring only, without a capture, until I need to capture?

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe