Ask Your Question
0

New to wireshark

asked 2021-04-16 12:16:56 +0000

TNL gravatar image

Hi everyone,

I am pretty new to WireShark, and I would like to monitor the activity in my network. It seems like we have some suspicious activity and I am trying to find the source of it.

I have a few questions.

  1. I would like to save a record of all the activity that happened in the network every once in a while, so I can go back and look at past logs. I see that the recommended way to do it is by megabytes(after reaching a certain number of megabytes, a file will be created and saved automatically). What is the recommended number of megabytes to use for this log? After how many megabytes should I ask the system to save the log?

  2. Is it possible to save multipole logs or once a new log is being created in would delete the previous log?

  3. Is there an option of checking a timestamp for the packets? I can only see time passed since Wireshark was activated, but not an actual time. Is it possible to see the time that the packet was sent?

Thank you,

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-04-16 13:42:59 +0000

hugo.vanderkooij gravatar image

Well. I would not go beyond 1000 MB as too big becomes impractical. 100 MB is wat I prefer myself. But on hight throughput situation that might be too small to be useful.

You can rotate over a number of files. See also: https://osqa-ask.wireshark.org/questi...

You can choose how you display the time. View => Time Display Format I prefer time of day and milliseconds. As I usually care less about the exact date or nano seconds.

edit flag offensive delete link more

Comments

Thank you Hugo for your answer!

TNL gravatar imageTNL ( 2021-04-16 14:23:10 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-04-16 12:16:56 +0000

Seen: 397 times

Last updated: Apr 16 '21

Related questions

I'd like to extract the timestamp from the wireless LAN management frame

What is the syntax for wireshark custom column

Count specific frame from the given log

How to create and install new own plugin in wireshark for filtering CAN packets in Ubunutu 16.04LTS

why is my NTP client timestamp wrong?

NTP timestamp display

Capture file appears to be damaged or corrupt

timestamp diameter after decode as

why can't i press the start button in Capture?

Who sets the value of Timestamps fields inside TCP?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2