We are doing an audit on a SPAN port to verify source IP traffic to destination for a week. Is there a way to only record 1 instance of IP hosts (source to destination) and then ignore any continuous communications between the 2? We really don't need any more data and need to leave Wireshark on for about a week. Thank you

asked 17 Jul '15, 05:15 mtrujillano
One Answer:
No, Wireshark does not support adaptive filtering based on what it has seen in packets. You may want to look at NetFlow statistics gathering which seems to be more like what you're looking for.

answered 17 Jul '15, 05:19 Jasper ♦♦
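
For an audit like the one in the question, the reduction to one record per source/destination pair can be done after capture. The following is an added example, not part of the original question or answer and not Wireshark code: it reads a classic pcap file (not pcapng) with Ethernet framing and keeps only the first-seen time of each IPv4 pair. The function name and the sample capture are constructed for illustration.

```python
import socket
import struct

def unique_ip_pairs(pcap: bytes) -> dict:
    """Map each IPv4 (src, dst) pair in a classic pcap to its first-seen epoch second."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    pairs, off = {}, 24
    while off + 16 <= len(pcap):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q tag, common on SPAN ports
            ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if ethertype != 0x0800 or len(frame) < l3 + 20:
            continue  # not IPv4, or header truncated by the snap length
        src = socket.inet_ntoa(frame[l3 + 12:l3 + 16])
        dst = socket.inet_ntoa(frame[l3 + 16:l3 + 20])
        pairs.setdefault((src, dst), ts_sec)  # repeats of a known pair are ignored
    return pairs

# Constructed sample capture (not real traffic): four frames, three distinct pairs.
def _frame(src, dst, vlan=False):
    eth = b"\x00" * 12 + (b"\x81\x00\x00\x0a" if vlan else b"") + b"\x08\x00"
    return eth + b"\x45\x00\x00\x14" + b"\x00" * 8 + socket.inet_aton(src) + socket.inet_aton(dst)

def _pcap(records):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = _pcap([
    (1000, _frame("10.0.0.5", "10.0.0.9")),
    (1001, _frame("10.0.0.5", "10.0.0.9")),
    (1002, _frame("10.0.0.9", "10.0.0.5")),
    (1003, _frame("10.0.0.5", "192.0.2.7", vlan=True)),
])

if __name__ == "__main__":
    for (src, dst), first in unique_ip_pairs(SAMPLE).items():
        print(first, src, "->", dst)
```

Each direction counts as its own pair, so a reply from 10.0.0.9 to 10.0.0.5 is recorded separately from the request.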