I want to do a prolonged capture (24 hours) segmented into either 24 or 48 capture files (depending on size). Here is my issue... I'm scanning an uplink port on a main switch that basically captures all local / inbound / outbound traffic. We don't have a huge network (~200 workstations/servers + ~50 other network devices), but my dump files are pretty huge. 30 mins = ~1500000 packets with a file size of 1.175GB. This size is a little unmanageable to use, but a smaller capture wouldn't be of much use for statistical reasons. What do big companies do for these types of captures? My network isn't exactly huge. Thanks

asked 03 Jun '13, 12:14 CameronW
One Answer:
If you do not want to reduce file size to be manageable by Wireshark (which is understandable in many cases) you'll probably have to look for other solutions, e.g. Cace Pilot, OpNet, Wildpackets Omnipeek etc. Sometimes, if it's only statistics you're interested in, you can also try to use some kind of NetFlow analysis software.

answered 03 Jun '13, 14:10 Jasper ♦♦
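The flow-level statistics the answer points to, as an added example that is not part of the original post or of any product named in it: a Python sketch that collapses a classic little-endian pcap file into NetFlow-style 5-tuple records with packet and byte counts. The sample capture, its addresses and the function names are constructed for illustration.

```python
import struct
from collections import defaultdict

def build_sample_pcap():
    """Constructed sample capture: one TCP flow (3 packets) and one UDP packet."""
    def frame(proto, src, dst, sport, dport, payload_len):
        l4_rest = 16 if proto == 6 else 4          # rest of TCP / UDP header after ports
        l4 = struct.pack("!HH", sport, dport) + b"\x00" * (l4_rest + payload_len)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                         proto, 0, bytes(src), bytes(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + l4   # zeroed MACs + EtherType IPv4
    frames = [frame(6, (10, 0, 0, 5), (10, 0, 0, 9), 51000, 443, 100)] * 3
    frames.append(frame(17, (10, 0, 0, 7), (10, 0, 0, 1), 53000, 53, 30))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f  # record header
    return out

def flows_from_pcap(data):
    """Collapse packets into {(src, dst, sport, dport, proto): [packets, bytes]}."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian classic pcap")
    flows = defaultdict(lambda: [0, 0])
    off = 24                                        # skip 24-byte global header
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", data, off)
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                                # not IPv4 over Ethernet
        l4 = 14 + (pkt[14] & 0x0F) * 4              # Ethernet + IPv4 header length
        proto = pkt[23]
        if proto not in (6, 17) or len(pkt) < l4 + 4:
            continue                                # only TCP/UDP carry ports
        src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (26, 30))
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        rec = flows[(src, dst, sport, dport, proto)]
        rec[0] += 1
        rec[1] += orig_len                          # on-wire size, even if truncated
    return dict(flows)

if __name__ == "__main__":
    for key, (pkts, size) in flows_from_pcap(build_sample_pcap()).items():
        print(key, pkts, "packets", size, "bytes")
```

Each flow costs one small record regardless of how many packets it carried, which is why flow data stays manageable over a 24-hour window where full packet captures do not.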