[afnog] tcpdump > wireshark round robin

Dick Elleray at AfriConnect delleray at africonnect.com
Wed Jul 2 09:14:51 UTC 2008


Hi again :)

Following up on Phil's excellent advice to have tshark (or even Wireshark) continually update a round-robin set of

If the capture box is/has to be dedicated to doing this (and may be NTOP as well) as it is measuring the core traffic
for example, you could set Wireshark to save the files in a (protected) web server directory.

You can then "wget" or simply browse and download those to an investigative PC running Wireshark but only when you need
them. The investigative PC then does the packet analysis etc rather than the capture box (which could be a rack system
without monitor etc)...



-----Original Message-----
From: afnog-bounces at afnog.org [mailto:afnog-bounces at afnog.org] On Behalf Of Marie-Paule UWASE
Sent: 02 July 2008 09:45
To: Phil Regnauld
Cc: afnog at afnog.org
Subject: Re: [afnog] tcpdump

Thanks Phil

I will definitely use tshark
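
The workflow discussed in this thread, as an added shell example that is not part of the original e-mails: a ring-buffer capture written into a web directory, and a helper for the investigative PC that picks only the ring files overlapping a time window before downloading them. The directory, interface, URL, base file name and ring sizes are assumptions.

```shell
#!/bin/sh
# Added example. CAP_DIR, IFACE, BASE_URL and the ring sizes are assumptions.
CAP_DIR="${CAP_DIR:-/var/www/captures}"   # web directory, access-controlled by the server
IFACE="${IFACE:-eth0}"
BASE_URL="${BASE_URL:-https://capture.example.net/captures}"

# Capture box: ring of 20 files, 100 MB each (filesize is in kB); the oldest
# file is removed as a new one starts. -g creates the files group-readable so
# the web server's group can serve them without making them world-readable.
start_ring_capture() {
    tshark -i "$IFACE" -g -b filesize:102400 -b files:20 -w "$CAP_DIR/core.pcap"
}

# Investigative PC: read ring file names (one per line, no spaces) on stdin and
# print those that may hold packets between $1 and $2 (YYYYMMDDHHMMSS).
# tshark names ring files <base>_<NNNNN>_<YYYYMMDDHHMMSS>.<ext>; the stamp is
# the time the file was opened, so a file runs until the next file's stamp.
# The newest file is treated as open-ended because it is still being written.
select_files() {
    sed -n 's/^\(.*_[0-9]\{5\}_\([0-9]\{14\}\)\.[A-Za-z0-9]*\)$/\2 \1/p' | sort |
    awk -v from="$1" -v to="$2" '
        { s[NR] = $1; f[NR] = $2 }
        END {
            for (i = 1; i <= NR; i++) {
                end = (i < NR) ? s[i + 1] : 99999999999999
                if (s[i] <= to && end >= from) print f[i]
            }
        }'
}

# Investigative PC: download the named files (one per line on stdin) into the
# directory $1. Credentials for the protected directory are expected in
# ~/.netrc or ~/.wgetrc rather than on the command line.
fetch_files() {
    while IFS= read -r name; do
        wget -nc -P "$1" "$BASE_URL/$name" || return 1
    done
}
```

With a saved directory listing in a file such as `listing.txt` (a made-up name), `select_files 20080702091451 20080702091600 < listing.txt | fetch_files ./evidence` pulls only the files covering that minute and a half.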

