This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

we r trying to run wireshark on our network and we have heard wireshark cannot run on a 1gb network line/switch, is that true and if it is, is there anyway around this? Basically we do not have a sniffer available and we r seeing spikes in network traffic and we need to determine where the increase in network traffic is coming from.
Thanks, Scott Kobel [email protected]

asked 28 Nov '11, 11:54

skobel's gravatar image

skobel
1111
accept rate: 0%


Wireshark can capture 1GB/s link and even faster links as long as you have a network card that is supported (which they usually are). The question is (and I guess that's where the hearsay comes from) if the capturing PC/Notebook can write the captured data fast enough to do it without "drops". Drops are frames that have been on the wire but could not be saved due to performance reasons.

For a statistical analysis (which seems to be enough for starters in your case) you can even live with drops if the ratio is not too high - you're only trying to get an idea what's happening, so you don't need every frame.

As soon as you see something unusual you can then capture that device specifically, which usually gives you less traffic than a full 1gb network link.

permanent link

answered 28 Nov '11, 14:41

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×146

question asked: 28 Nov '11, 11:54

question was seen: 2,841 times

last updated: 28 Nov '11, 14:41

p​o​w​e​r​e​d by O​S​Q​A