Ask Your Question
0

New to wireshark

asked 2021-04-16 12:16:56 +0000

TNL gravatar image

Hi everyone,

I am pretty new to WireShark, and I would like to monitor the activity in my network. It seems like we have some suspicious activity and I am trying to find the source of it.

I have a few questions.

  1. I would like to save a record of all the activity that happened in the network every once in a while, so I can go back and look at past logs. I see that the recommended way to do it is by megabytes(after reaching a certain number of megabytes, a file will be created and saved automatically). What is the recommended number of megabytes to use for this log? After how many megabytes should I ask the system to save the log?

  2. Is it possible to save multipole logs or once a new log is being created in would delete the previous log?

  3. Is there an option of checking a timestamp for the packets? I can only see time passed since Wireshark was activated, but not an actual time. Is it possible to see the time that the packet was sent?

Thank you,

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-04-16 13:42:59 +0000

hugo.vanderkooij gravatar image

Well. I would not go beyond 1000 MB as too big becomes impractical. 100 MB is wat I prefer myself. But on hight throughput situation that might be too small to be useful.

You can rotate over a number of files. See also: https://osqa-ask.wireshark.org/questi...

You can choose how you display the time. View => Time Display Format I prefer time of day and milliseconds. As I usually care less about the exact date or nano seconds.

edit flag offensive delete link more

Comments

Thank you Hugo for your answer!

TNL gravatar imageTNL ( 2021-04-16 14:23:10 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-04-16 12:16:56 +0000

Seen: 565 times

Last updated: Apr 16 '21