Ask Your Question

Revision history [back]

Hi,

When I capture with my laptop using a SPAN port, I try to filter as much traffic as possible before it even hits the Wireshark capture filter. This is because laptops are poor capture devices when there is "too much traffic."

You should try filtering with ACL if possible or at least with a combination of interfaces and VLAN if not.

"Too much" will depend on your traffic profile but basically I never capture over 10Mbps with my laptop and then again only for a short period.

I suggest you read this 2016 excellent blog post from PacketFoo.

You may also look at this YouTube video and this 2014 white paper for info.

(To be clear none of these resources are my own work.)

Good hunting.

Cheers,

JF