[Winpcap-users] Capturing from
a 'tap'typedeviceusing2networkcards - and how to order the packets
Guy Harris
guy at alum.mit.edu
Wed Jun 4 00:18:05 GMT 2008
On Jun 3, 2008, at 4:43 PM, Gianluca Varenni wrote:
> It won't, in fact. It will dump the packets to disk. When you stop
> the capture, Wireshark will load the capture.
I.e., "don't update the display in real time" is what you use when the
traffic is sufficiently heavy that you don't have enough {CPU power,
disk bandwidth, whatever} to keep the display up-to-date as packets
arrive, but you do have enough of those resources to
1) save the traffic to disk as it arrives
and
2) have Wireshark count the packets and update a display of the
packet count.
(If you don't have enough CPU even for that, use dumpcap (and if you
don't even have enough CPU for that, you need a faster CPU or a faster
memory bus or...); if you don't have enough disk bandwidth for that,
you need a faster disk subsystem or a faster bus between the host
memory and the disk subsystem.)
More information about the Winpcap-users
mailing list