[afnog] tcpdump > wireshark round robin
Dick Elleray at AfriConnect
delleray at africonnect.com
Wed Jul 2 09:14:51 UTC 2008
Marie
Hi again :)
Following up on Phil's excellent advice to have tshark (or even Wireshark) continually update a round-robin set of
captures..
If the capture box is/has to be dedicated to doing this (and may be NTOP as well) as it is measuring the core traffic
for example, you could set Wireshark to save the files in a (protected) web server directory.
You can then "wget" or simply browse and download those to an investigative PC running Wireshark but only when you need
them. The investigative PC then does the packet analysis etc rather than the capture box (which could be a rack system
without monitor etc)...
Regards
dick
-----Original Message-----
From: afnog-bounces at afnog.org [mailto:afnog-bounces at afnog.org] On Behalf Of Marie-Paule UWASE
Sent: 02 July 2008 09:45
To: Phil Regnauld
Cc: afnog at afnog.org
Subject: Re: [afnog] tcpdump
thanks Phil
I will definitely use tshark
MP
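
The setup described in this message, as an added example that is not part of the original thread: a tshark ring-buffer capture written into a web-served directory, and a helper for the investigative PC that picks which ring files cover an incident window before downloading them. The interface, directory, ring sizes and the `core` file prefix are assumptions.

```shell
#!/bin/sh
# Added example. IFACE, CAP_DIR, ring sizes and the "core" prefix are assumptions.
CAP_DIR="${CAP_DIR:-/var/www/captures}"   # assumed web-served, access-controlled directory
IFACE="${IFACE:-eth0}"                    # assumed capture interface

# Capture box: ring of 48 files, each closed after 1 hour or ~100 MB
# (tshark's filesize unit is kB). tshark names the files
# core_NNNNN_YYYYMMDDHHMMSS.pcap and deletes the oldest once the ring is full.
start_ring_capture() {
    umask 027   # keep captures from being world-readable on the capture box
    tshark -i "$IFACE" -q -b duration:3600 -b filesize:100000 -b files:48 \
        -w "$CAP_DIR/core.pcap"
}

# Investigative PC: read a listing of ring file names on stdin and print the
# ones that can hold packets from the window START..END (YYYYMMDDHHMMSS, in
# the capture box's local time). A file covers from its own timestamp until
# the next file starts, so the file begun just before START is included.
# Assumes file names without spaces.
select_captures() {
    awk -F_ '{
        ts = substr($NF, 1, 14)
        # keep only names ending in _<14 digits>.<ext>
        if (length(ts) == 14 && ts !~ /[^0-9]/) print ts, $0
    }' | sort | awk -v s="$1" -v e="$2" '
        $1 > e  { exit }                 # started after the window ended
        $1 <= s { prev = $2; next }      # started before the window: keep latest
        { if (prev != "") { print prev; prev = "" } print $2 }
        END { if (prev != "") print prev }
    '
}
```

Only the selected files then need to be fetched (with wget or a browser) and opened in Wireshark on the investigative PC.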