Re: [PLUG] Wireshark ate itself
JP Vossen wrote:
>> Date: Tue, 16 Jun 2009 14:21:09 -0400
>> From: jeff <jeffv@op.net>
>>
>> It ate all the memory and ran the CPU to 100%. I finally managed to
>> nice it, when the system complained that there was no more memory and
>> closed Wireshark.
>>
>> I'm guessing the capture is gone from that session, correct?
>
> I'm pretty sure.
>
> Maybe use tcpdump instead of Wireshark to avoid the GUI tax? They both
> use the same BPF (http://en.wikipedia.org/wiki/Berkeley_Packet_Filter)
> language (see "expression" in the man page), which is (or at least was)
> *different* than the Wireshark display filter language!
>
> You might need to experiment with tcpdump settings to get them right.
> '-s 1600' and -w come to mind, see also -c, -C, -l, -n, and others. It
> has an excellent and comprehensive man page.

DANG IT, jp, you beat me to it!

but i definitely recommend tcpdump, especially for *just* capturing (the
neat thing? you can "play back" tcpdump captures in wireshark since it's
pcap!)

other alternatives [1]:

ippl
sniffit
dnshijacker

[1] i have not tried these so i'm not sure if they're merely frontends
to tcpdump/libpcap, or if they're standalone, or what. there are a lot
of parsers out there for pcap captures, too.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
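
An added example, not part of the original messages: a minimal reader for the classic pcap format that `tcpdump -w` writes, showing how the `-s` snap length appears per packet and that a file cut off mid-write is still readable up to its last complete record. The sample bytes and the names `read_pcap` and `sample_capture` are constructed for illustration.

```python
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic libpcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # nanosecond-resolution variant


def read_pcap(data):
    """Parse classic pcap bytes into (header dict, list of packet dicts)."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):          # the magic number reveals byte order
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file (bad magic)")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    header = {"version": (major, minor), "snaplen": snaplen,
              "linktype": linktype, "nanosecond": magic == PCAP_MAGIC_NSEC}
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            # Writer died mid-record (killed process, full disk): stop here.
            header["truncated_file"] = True
            break
        packets.append({"ts": (ts_sec, ts_frac), "orig_len": orig_len,
                        "data": data[off:off + incl_len],
                        "clipped": incl_len < orig_len})  # snaplen cut it short
        off += incl_len
    else:
        header["truncated_file"] = off != len(data)  # leftover partial header
    return header, packets


def sample_capture():
    """Constructed capture: snaplen 1600, two packets, then a cut-off record."""
    gh = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 1600, 1)
    p1 = struct.pack("<IIII", 1245176469, 0, 60, 60) + bytes(60)
    p2 = struct.pack("<IIII", 1245176470, 500, 1600, 1700) + bytes(1600)
    p3 = struct.pack("<IIII", 1245176471, 0, 60, 60) + bytes(10)  # incomplete
    return gh + p1 + p2 + p3


if __name__ == "__main__":
    hdr, pkts = read_pcap(sample_capture())
    print(hdr, [(p["orig_len"], len(p["data"]), p["clipped"]) for p in pkts])
```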