This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Bandwidth I/O graph and packet capture mode

0

Dear all,

Is it possible to get an accurate and correct Bandwidth I/O graph without capturing full packet?

In addition, if there is need for long capture time required, do you have recommendation or precaution?

Thanks.

asked 22 Oct '13, 20:08

Applepie2's gravatar image

Applepie2
11112
accept rate: 0%


One Answer:

0

Is it possible to get an accurate and correct Bandwidth I/O graph without capturing full packet?

yes, as Wireshark uses the information about the frame length, stored in the pcap file for each frame.

In addition, if there is need for long capture time required, do you have recommendation or precaution?

Yes.

  • reduce the amount of captured data by using 'strict' capture filters
  • capture with dumpcap instead of Wireshark. Don't use tshark either. Both are rather analyzing tools than capture tools.
  • If you want to capture with Wireshark (not recommended for a long period of time)
  • add enough RAM to your capturing machine (2 Gig is 'nothing' nowadays ;-))
  • use a 64 Bit OS, to be able to use that RAM
  • reduce the captured frame size (option -s for tcpdump and/or dumpcap)

Regards
Kurt

answered 28 Oct '13, 08:32

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 28 Oct '13, 08:34