Wireshark mailing list archives
Re: port monitoring
From: Christopher Maynard <Christopher.Maynard () gtech com>
Date: Wed, 5 Sep 2012 00:45:51 +0000 (UTC)
mike dodson <mikejd208@...> writes:
I would like to monitor for a few days anything going out on any port other than port 80 or port 443. Is there a simple display filter that I can use to see this information? I am new and still learning some of the simple stuff. The reason for doing this is so that I can write a firewall rule to block all ports but what is needed.
Thank you for all the help.
I have to question your desire to use a display filter in this case. If you really plan on capturing for a few days, then you'll most likely run into memory issues[1]. You are far better off running dumpcap with the most restrictive capture filter you can, possibly even setting the smallest snaplen you require (if possible, depending on your needs/requirements) and utilizing dumpcap's ring buffer options to further limit the size of the capture files to more manageable levels.

... unless of course you have tons of memory and very low utilization on your network, in which case you might be OK.

[1]: http://wiki.wireshark.org/KnownBugs/OutOfMemory
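
The capture setup described in the reply above (capture filter, small snaplen, ring buffer), as an added example that is not part of the original message. The interface, network, snaplen, file sizes and output path are assumed values, and the report step over the resulting files goes slightly beyond what the reply covers.

```shell
#!/bin/sh
# Added example, not from the original message. All values below are assumed.
IFACE=eth0                   # assumed capture interface
LOCAL_NET=192.168.1.0/24     # assumed internal network (source of outbound traffic)
OUT=/var/tmp/egress.pcapng   # assumed base name; dumpcap appends number and timestamp
SNAPLEN=96                   # assumed: enough for Ethernet + IP + TCP/UDP headers
FILE_KB=102400               # rotate each file at 100 MB (dumpcap counts in kB)
FILES=50                     # ring of 50 files; the oldest one is overwritten

# Capture filter (BPF syntax): only IPv4 packets leaving LOCAL_NET, minus TCP 80/443.
capture_filter() {
    printf '%s\n' "src net $LOCAL_NET and not (tcp port 80 or tcp port 443)"
}

# Worst-case disk use of the ring buffer, in MB.
ring_budget_mb() { echo $(( FILE_KB * FILES / 1024 )); }

# Multi-day capture with bounded memory and disk use.
start_capture() {
    dumpcap -i "$IFACE" -f "$(capture_filter)" -s "$SNAPLEN" \
            -b "filesize:$FILE_KB" -b "files:$FILES" -w "$OUT"
}

# Destination ports in one capture file, one "proto port" pair per line.
ports_in_file() {
    tshark -r "$1" -T fields -e tcp.dstport -e udp.dstport |
        awk -F'\t' '$1 != "" {print "tcp", $1} $2 != "" {print "udp", $2}'
}

# Count "proto port" lines read from stdin, most frequent first.
count_ports() { sort | uniq -c | sort -rn | awk '{print $1, $2, $3}'; }

case "${1:-}" in
    capture) start_capture ;;
    report)  shift; for f in "$@"; do ports_in_file "$f"; done | count_ports ;;
esac
```

Run with `capture` to start the ring-buffer capture, then with `report` followed by the capture files to list the destination ports a firewall rule would need to allow.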