Hi, I am still new to Wireshark but I think that this should be an easy one:

How can I monitor from a busy server (many GB of data/h) over an extended period of time (6h at least) the RTT times? Since the data volume is massive I cannot store all sent data on disc. I am searching for latency issues where RTT > 0.1s. Ideally I would like to start a live capture and keep only the packets in memory which have such high RTT times to analyze later customer complaints with the monitored RTT times if the problems were network related or not.

I have seen nice display filters like tcp.analysis.ack_rtt>0.1 which would do exactly that, but when I look at the memory consumption of Wireshark I see a steady increase which would bring down the server quite soon. I have hoped that capture filters would help me to keep only the relevant packages which match the filter. Is this possible somehow?

In general an option in Wireshark that drops all not visible packets would be great to achieve that. If the feature is already there I would love to hear how I can use it.

asked 26 May '14, 02:41 akraus1