|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Wireshark ate itself
|
> Date: Tue, 16 Jun 2009 14:21:09 -0400
> From: jeff <jeffv@op.net>
>
> It ate all the memory and run the cpu to 100%. I finally managed to
> nice it, when the system complained that there was no more memory and
> closed Wireshark.
>
> I'm guessing the capture is gone from that session, correct?
I'm pretty sure.
Maybe use tcpdump instead of Wireshark to avoid the GUI tax? They both
use the same BPF (http://en.wikipedia.org/wiki/Berkeley_Packet_Filter)
language (see "expression" in the man page), which is (or at least was)
*different* than the WireShark display filter language!
You might need to experiment with tcpdump settings to get them right.
'-s 1600' and -w come to mind, see also -c, -C, -l, -n, and others. It
has an excellent and comprehensive man page.
> This is one of those days where in order to do something simple, thirty
> three other things have to be done first. And so on for the next simple
> task.
I hate it when that happens.
Later,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP |:::======| http://bashcookbook.com/
My Account, My Opinions |=========| http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|