Re: [PLUG] Wireshark ate itself

brent timothy saner on 16 Jun 2009 13:12:11 -0700




JP Vossen wrote:
>> Date: 16 Jun 2009 14:21:09 -0400
>> From: jeff <jeffv@op.net>
>>
>> It ate all the memory and ran the cpu to 100%. I finally managed to
>> nice it, when the system complained that there was no more memory and 
>> closed Wireshark.
>>
>> I'm guessing the capture is gone from that session, correct?
> 
> I'm pretty sure.
> 
> Maybe use tcpdump instead of Wireshark to avoid the GUI tax? They both 
> use the same BPF (http://en.wikipedia.org/wiki/Berkeley_Packet_Filter) 
> language (see "expression" in the man page), which is (or at least was) 
> *different* than the Wireshark display filter language!
> 
> You might need to experiment with tcpdump settings to get them right. 
> '-s 1600' and -w come to mind, see also -c, -C, -l, -n, and others. It 
> has an excellent and comprehensive man page.

DANG IT, jp, you beat me to it!

but i definitely recommend tcpdump, especially for *just* capturing (the
neat thing? you can "play back" tcpdump captures in wireshark since it's
pcap!)

other alternatives [1]:

ippl
sniffit
dnshijacker

[1] i have not tried these so i'm not sure if they're merely frontends
to tcpdump/libpcap, or if they're standalone, or what. there are a lot
of parsers out there for pcap captures, too.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
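
Added example, not part of the original thread: the tcpdump options mentioned above ('-s' for snaplen, '-w' to write a file) produce a classic pcap file, and this Python reads one to report the snaplen it was captured with, how many packets that snaplen cut short, and whether the file ends mid-record. The names summarize_pcap, build_sample and MAX_CAPLEN are assumptions made for this example, and the sample capture bytes are constructed.

```python
import io
import struct

# Classic pcap magic numbers as they appear on disk -> (byte order, timestamp unit)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "us"), b"\xa1\xb2\xc3\xd4": (">", "us"),
    b"\x4d\x3c\xb2\xa1": ("<", "ns"), b"\xa1\xb2\x3c\x4d": (">", "ns"),
}
MAX_CAPLEN = 16 * 1024 * 1024  # assumed sanity bound so a corrupt length cannot drive a huge read

def summarize_pcap(stream):
    """Walk a classic pcap stream; report snaplen, packet counts and whether it ends cleanly."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian, ts_unit = MAGICS[header[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", header[4:])
    packets = truncated = 0
    complete = True
    while True:
        rec = stream.read(16)              # record header: ts_sec, ts_frac, incl_len, orig_len
        if not rec:
            break                          # clean end of file
        if len(rec) < 16:
            complete = False               # file stops inside a record header
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        if incl_len > MAX_CAPLEN:
            raise ValueError("implausible record length, file is likely corrupt")
        if len(stream.read(incl_len)) < incl_len:
            complete = False               # file stops inside packet data
            break
        packets += 1
        truncated += incl_len < orig_len   # fewer bytes stored than were on the wire
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "ts_unit": ts_unit, "packets": packets, "truncated": truncated, "complete": complete}

def build_sample(cut_off=True):
    """Constructed little-endian capture: snaplen 1600, Ethernet, one full and one truncated packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1600, 1)
    out += struct.pack("<IIII", 1245175200, 0, 60, 60) + bytes(60)
    out += struct.pack("<IIII", 1245175201, 0, 1600, 9000) + bytes(1600)
    if cut_off:
        out += struct.pack("<II", 1245175202, 0)   # half a record header, as if the writer stopped
    return out

if __name__ == "__main__":
    print(summarize_pcap(io.BytesIO(build_sample())))
```

For a real capture, pass a file opened in binary mode, for example open("capture.pcap", "rb") where capture.pcap is a placeholder name.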
