> I intended to watch a TCP connection (live capture mode)and everything
> worked fine at packet level. Of course, it would be much more useful if
> I could see the contents of the TCP stream. Unfortunately I always get
> an error message that tells me, that I have to select a packet
> containing the TCP protocol, before. Because I have selected such a
> package, this message is not very useful.
Are you REALLY sure? We sometimes watch HTTP traffic and we have no
problems. But I think we still use 0.8.12...
> My second question is about speed. I captured about 50 packets in
> non-live mode (capture file size about 70kB) and the subsequent reading
> of the file took up to 10 seconds. Is this what I can expect at the
> system described above?
Have you disabled name lookup? I have seen that this will slow things
down considerably.
--
Andreas Sikkema
andreas.sikkema@xxxxxxxxxxx
"While you're waiting, read the free novel we sent you.
It's a Spanish story about a guy named `Manual'" - Dilbert
