You will be filling up memory faster than you can flush ram to "disk", if you are trying to look at wide traffic patterns to diagnose an issue.
On Nov 13, 2017 11:38 AM, "Steve Jones" <[email protected]> wrote: > Ive always set wireshark to buffer 100mb and white incremental pcaps. are > you talking about the sd write for memory usage? > > On Mon, Nov 13, 2017 at 11:31 AM, Josh Reynolds <[email protected]> > wrote: > >> Recording traffic (headers) could easily exceed the write capability of >> the media. >> >> On Nov 13, 2017 11:28 AM, "Steve Jones" <[email protected]> >> wrote: >> >>> I have a voip pbx system issue im going to have to drop a long term >>> packet sniffer onto the network to catch an issue that only happens like >>> once in a month. So thats going to be alot of traffic (we have to capture >>> everything to see if the issue has to do with other network traffic, so I >>> cant even filter it out. >>> I was thinking about making a pi a sniffer and just hang a usb drive >>> off of it for the archive. >>> >>> I dont see running a sniffer would be all that great a resource drain. >>> >>> Any reason this would be a bad idea, i could see it being a good tool to >>> keep in our toolset. I just envision a little binder full of SD cards with >>> purpose builds and a handful of pis for a handy toolbox >>> >> >
