I have met some problem with wireshark. my situation is i have a good IBM server,the server's configuration is below: the flow of my data is 250Mbps more or less, but when i collect the date for one hour, the size of the date collected is just only 95GBytes. So there are about 14Gbytes drop. So, who can tell me why , and give me a solution, thanks a lot. asked 08 Mar '12, 19:16  anew_flyfree edited 08 Mar '12, 23:56  SYN-bit ♦♦ |
One Answer:
First thing to do is try the dumpcap utility: its job is to simply capture packets and do it quickly. It doesn't have all the overhead of the GUI. Increasing the capture buffer size (with dumpcap's "-B" command-line argument) may also help. If that doesn't help (enough), which I suppose may be the case if you're really talking 250 Mbps, you may need to look into some commercial solutions. Riverbed sponsors Wireshark and also makes products which complement it: for example dealing with high-speed and long-term capturing. answered 09 Mar '12, 06:50  JeffMorriss ♦ |
