[NTLUG:Discuss] Network 'passthru' viewer
crem
crem101 at dfwair.net
Fri Jan 21 21:41:29 CST 2011
Dave, et al,
I use tshark in startup on the system. One tshark per interface. Set it up
for a circular buffer. Stop tshark when you have a problem or just look in
the log. Use Wireshark to decode the messages. Wireshark has some basic
analytical tools built-in.

Example startup:

tshark -q -i eth0 -f "ip or arp" -w /tmp/capture-eth0-.pcap -b filesize:30000 -b files:100

This creates 100 circular files of 30 Mbytes in the /tmp directory.

http://www.wireshark.org/
http://www.wireshark.org/docs/man-pages/tshark.html
crem
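
Added example (not part of the original post): tshark names each ring-buffer file <prefix>_<NNNNN>_<YYYYMMDDHHMMSS>.pcap, so the file to open in Wireshark for a given problem can be picked by its start timestamp. The helper name ring_file_for and the sample file names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# With "-w /tmp/capture-eth0-.pcap -b ...", tshark writes ring files named
#   capture-eth0-_<NNNNN>_<YYYYMMDDHHMMSS>.pcap
# where the timestamp is the local time at which that file was started.

# ring_file_for DIR PREFIX WHEN   (hypothetical helper)
#   Prints the ring file that was being written at WHEN (YYYYMMDDHHMMSS):
#   the one with the latest start time that is not after WHEN.
#   Returns 1 if no file matches, e.g. WHEN is older than everything
#   still left in the ring.
ring_file_for() {
    dir=$1 prefix=$2 when=$3
    for f in "$dir/$prefix"_*_*.pcap; do
        [ -e "$f" ] && printf '%s\n' "$f"
    done | awk -v when="$when" '
        {
            # The start timestamp is the last "_"-separated field.
            n = split($0, part, "_")
            ts = part[n]
            sub(/\.pcap$/, "", ts)
            if (ts !~ /^[0-9]+$/ || length(ts) != 14) next
            if (ts <= when && ts > best_ts) { best_ts = ts; best = $0 }
        }
        END { if (best == "") exit 1; print best }'
}

# Demo on constructed, empty files (no capture needed).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/capture-eth0-_00001_20110121214129.pcap"
    : > "$d/capture-eth0-_00002_20110121220510.pcap"
    : > "$d/capture-eth0-_00003_20110121223002.pcap"
    # Problem noticed at 22:15:00 on 2011-01-21
    ring_file_for "$d" capture-eth0- 20110121221500
    rm -rf "$d"
}
demo
```

A non-zero return means the moment of interest has already been overwritten, which is the signal to raise files: or filesize: for that interface.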