This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Which is best to use, Wireshark, DUMPCAP, TSHARK, TCPDUMP for capturing?

0

Every day between 2:30 PM and 4 PM the network gets slow and apps get disconnected... We do not drop the internet connection from the site... We drop the drive mapping back to HQ up North, and we drop the Outlook Exchange connection back to HQ up North.

Users can still use a web browser to access external sites... We have checked that no replication is happening, and we have checked the server logs for the DCs here and at HQ up North... Their internet connection does not drop either. The VPN between the sites does not show any issues when checking the SonicWalls at both sites... We are thinking of sniffing the internal network at our site to see what would cause the drop or slow throughput.

Which is best to use, Wireshark, DUMPCAP, TSHARK, TCPDUMP for capturing?

asked 03 Sep '14, 14:34

ITSupportMorrisvilleNC
accept rate: 0%

edited 03 Sep '14, 16:19

Jasper ♦♦


One Answer:

0

TCPDump is fine, dumpcap is fine, too. Wireshark and tshark are both using dumpcap to do the capture for them, so it is usually best to use dumpcap directly without the overhead.

answered 03 Sep '14, 16:20

Jasper ♦♦
accept rate: 18%
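
As an added example (not part of the original answer): a dry-run wrapper that calls dumpcap directly for the afternoon window described in the question, using a ring buffer and a short snapshot length so an unattended capture cannot fill the disk and keeps headers rather than full payloads. The interface name, HQ subnet, output directory, file sizes and the 14:15 to 16:15 window are assumptions.

```shell
#!/bin/sh
# Added example: time-boxed dumpcap ring-buffer capture (dry run by default).
# IFACE, HQ_NET and OUTDIR are assumed placeholders; adjust them to the site.
IFACE="eth0"                 # capture interface (assumption)
HQ_NET="192.0.2.0/24"        # HQ subnet placeholder (documentation range)
OUTDIR="/var/tmp/capture"    # output directory (assumption)

# Seconds between two HH:MM times on the same day.
# ${var#0} strips one leading zero so "08" is not parsed as octal.
window_seconds() {
    start_h=${1%%:*}; start_m=${1##*:}
    end_h=${2%%:*};   end_m=${2##*:}
    echo $(( (${end_h#0} * 60 + ${end_m#0} - ${start_h#0} * 60 - ${start_m#0}) * 60 ))
}

# Print (default) or run the capture for the given window.
#   -f  capture filter: only traffic to or from the HQ subnet
#   -s  snapshot length: keep headers, truncate payloads
#   -b  ring buffer: rotate at about 100 MB, keep at most 50 files
#   -a  stop automatically after the window has elapsed
capture_window() {
    duration=$(window_seconds "$1" "$2")
    ${CAPTURE_RUNNER:-echo} dumpcap -i "$IFACE" -f "net $HQ_NET" -s 128 \
        -b filesize:102400 -b files:50 \
        -a "duration:$duration" \
        -w "$OUTDIR/slowdown.pcapng"
}

# Start a little before 2:30 PM and stop a little after 4 PM.
capture_window 14:15 16:15
```

Set `CAPTURE_RUNNER=env` to execute the command instead of printing it, and start the script from a scheduler shortly before the window opens.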