we r trying to run wireshark on our network and we have heard wireshark cannot run on a 1gb network line/switch, is that true and if it is, is there anyway around this? Basically we do not have a sniffer available and we r seeing spikes in network traffic and we need to determine where the increase in network traffic is coming from. asked 28 Nov '11, 11:54 skobel |
One Answer:
Wireshark can capture 1GB/s link and even faster links as long as you have a network card that is supported (which they usually are). The question is (and I guess that's where the hearsay comes from) if the capturing PC/Notebook can write the captured data fast enough to do it without "drops". Drops are frames that have been on the wire but could not be saved due to performance reasons. For a statistical analysis (which seems to be enough for starters in your case) you can even live with drops if the ratio is not too high - you're only trying to get an idea what's happening, so you don't need every frame. As soon as you see something unusual you can then capture that device specifically, which usually gives you less traffic than a full 1gb network link. answered 28 Nov '11, 14:41 Jasper ♦♦ |