Wireshark captures are not meant to be run for a long period of time. As the others have said, take a 30 second - 1 minute capture, then look at what types of traffic you're getting. Then, if you think you're getting some superfluous information, set up a filter to exclude that, then do another capture, see if you're getting the same types of stuff. If you're only worried about seeing if your network is getting saturated, then I would suggest running MRTG, or PRTG, which will show you how much of your bandwidth you're actually using. It takes time to analyze the Wireshark captures, to really figure out what's going on in the network.

Joe Heaton
________________________________
From: Rankin, James R [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2008 4:41 AM
To: NT System Admin Issues
Subject: Wireshark query

I'm not a regular user of Wireshark and don't often get roped into looking at networking stuff, so apologies if this sounds a bit dippy...

Would a capture file of approx 150MB/min thru Wireshark indicate a saturated network? I've connected a single laptop to the switch at a client site with the NIC in promiscuous mode and it is spewing out data to the extent that it has nearly filled the disk. The network is only 100M, so I'm thinking that it maybe has some serious issues. Most of the traffic seems to be to or from a single domain controller.

Cheers,

JR
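Added example, not part of either message: one way to turn a short capture into the two numbers this thread is about, average rate against link speed and which hosts account for the bytes. It reads a classic pcap file (Ethernet, IPv4 only); the function names, the `link_mbps` parameter and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def summarize_pcap(data, link_mbps=100):
    """Average rate, % of link speed and top IPv4 talkers for a classic pcap."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off, first_us, last_us, wire_bytes = 24, None, None, 0
    talkers = Counter()
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack(end + "4I", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        ts_us = sec * 1_000_000 + usec
        first_us = ts_us if first_us is None else min(first_us, ts_us)
        last_us = ts_us if last_us is None else max(last_us, ts_us)
        wire_bytes += orig              # original length, even if snaplen truncated it
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":   # IPv4 over Ethernet
            for ip in (frame[26:30], frame[30:34]):            # source, destination
                talkers[".".join(map(str, ip))] += orig
    seconds = (last_us - first_us) / 1e6 if first_us is not None else 0.0
    mbps = wire_bytes * 8 / seconds / 1e6 if seconds else 0.0
    return {"bytes": wire_bytes, "seconds": seconds, "mbps": mbps,
            "utilization_pct": 100 * mbps / link_mbps,
            "top_talkers": talkers.most_common(3)}

def constructed_sample():
    """Constructed capture: 1001 frames of 1500 bytes, 1 ms apart, snaplen 34."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 34, 1)
    dc = bytes([10, 0, 0, 10])          # stands in for the busy domain controller
    pairs = [(bytes([10, 0, 0, 21]), dc), (dc, bytes([10, 0, 0, 22])),
             (bytes([10, 0, 0, 23]), bytes([10, 0, 0, 24]))]
    for i in range(1001):
        src, dst = pairs[i % 3]
        frame = bytes(12) + b"\x08\x00" + b"\x45" + bytes(11) + src + dst
        out += struct.pack("<4I", 1205232060 + i // 1000, (i % 1000) * 1000, 34, 1500)
        out += frame
    return out

if __name__ == "__main__":
    print(summarize_pcap(constructed_sample()))
```

For scale, 150 MB per minute is 2.5 MB/s, about 20 Mbit/s averaged over the minute; an average like this does not show short bursts.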
