This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

10gbps network capturing

0

Hello, I was wondering if Wireshark can properly capture 10Gbps network traffic without loss of data. If the issue has been tested, it would really help. There is no hw limitation because an SSD drive is used with Xeon 2637v3 dual CPU and DDR4 32GB of RAM. Wireshark 1.12.3 64-bit version is used.

asked 17 Feb '15, 02:32

Dima
1345
accept rate: 0%

There was a great talk at Sharkfest 14 by Andrew Brown covering this topic.

You can find his presentation at http://sharkfest.wireshark.org/assets/presentations/I3:%20Sharkfest_2014_ABrown%20-%20Copy.pdf or http://sharkfest.wireshark.org/assets/presentations/I3.pptx

(17 Feb '15, 03:49) Uli

One Answer:

1

Are you aware of the fact that Wireshark doesn't capture data? For this task it spawns dumpcap, which, using libpcap/winpcap, captures the data, and hands it over to Wireshark.

So you have to look into equipment that can handle the wirespeed, write that to storage and offer Wireshark the option to open the capture files for detailed analysis. You should look into some dedicated capture hardware (nice platform details you listed, but what about the capture hardware??), to handle this deluge of data. A quick internet search shows there are enough options. And have a look at what Riverbed has on offer, being the home of Wireshark.

answered 17 Feb '15, 04:01

Jaap ♦
11.7k16101
accept rate: 14%