Wireshark-users: Re: [Wireshark-users] Intermittent Performance Problems - pcap output
From: "Cyril Spiro" <spiroc@xxxxxxxxxxxxxxx>
Date: Tue, 11 Nov 2008 21:46:36 -0500
Thanks for the suggestion. I believe this is the output that will be more helpful. See attached.

spiroc

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wireshark-users-request@xxxxxxxxxxxxx
Sent: Tuesday, November 11, 2008 9:32 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 30, Issue 24

Send Wireshark-users mailing list submissions to
        wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
        https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
        wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
        wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."

Today's Topics:

   1. Re: Intermittent Performance Problems (Martin Visser)

----------------------------------------------------------------------

Message: 1
Date: Wed, 12 Nov 2008 13:31:29 +1100
From: "Martin Visser" <martinvisser99@xxxxxxxxx>
Subject: Re: [Wireshark-users] Intermittent Performance Problems
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <b3739b0c0811111831j133490f9p48fc756017d4caf0@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

Any chance of doing a "Save as" displayed packets (in pcap) format rather than printing displayed?

On Wed, Nov 12, 2008 at 1:21 PM, Cyril Spiro <spiroc@xxxxxxxxxxxxxxx> wrote:

> First of all, thanks to those who responded to my last post. The answers were very helpful in educating me on interpreting the wireshark output.
>
> The last example was a random sample of a tcp stream which indicated a 1.3 second duration from SYN to FIN ACK, with about 50% of the time used for server processes and 50% for transporting data via the network. These durations were within tolerable limits.
>
> In this new attached example, the user pointed us to a specific incident which took 5 seconds between the time that he clicked the submit button on the webpage and the screen refreshed. We confirmed the user's statement with the wireshark output. The question is why?
>
> Can anyone see from the attached report what could have caused the delay? Note that this capture was exclusively for data between the user's PC and the server. We have the full tcpdump file for the day for the user's PC, but it is very large (33MB).
>
> Also, please note that when the user submitted data in the same html form at different times of the day the duration was consistently significantly shorter (<1s) and within tolerable limits. So, it appears that something unique happened during the attached example.
>
> In summary, users are complaining that this intermittent slowness is frustrating to them and the attached example is a rare glimpse into one of these events. The most important question to answer at this time is can we tell if the delay is being caused by the server or by the network?
>
> Thanks in advance for your help,
> spiroc
>
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wireshark-users-request@xxxxxxxxxxxxx
> Sent: Monday, November 10, 2008 5:42 AM
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: Wireshark-users Digest, Vol 30, Issue 17
>
>
> Today's Topics:
>
>    1. Not need to save packet data (Adisak)
>    2. Re: Not need to save packet data (j.snelders@xxxxxxxxxx)
>    3. Re: Intermittent Performance Problems on (Martin Visser)
>    4. Re: Not need to save packet data (Jaap Keuter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 10 Nov 2008 08:34:32 +0700
> From: "Adisak" <adisak@xxxxxxxxxxx>
> Subject: [Wireshark-users] Not need to save packet data
> To: "'Community support list for Wireshark'" <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <200811100136.mAA1aMBV026303@xxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi all,
>
> I'm very new to Wireshark.
>
> I downloaded and used Wireshark a few days ago.
>
> I'll use Wireshark in my company to check the traffic of a proxy server.
>
> But I'd like to collect only Time, IP address (both source and destination), Protocol type and information.
>
> I don't need to save packet data, because the log file will grow big in a short time.
>
> I've tried setting up Wireshark for 2 days but I can't.
>
> Does anyone have an idea for my question?
>
> P.S. I used Wireshark on Windows.
>
> Best Regards,
>
> Adisak
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://www.wireshark.org/lists/wireshark-users/attachments/20081110/ee6f18e8/attachment.html
>
> ------------------------------
>
> Message: 2
> Date: Mon, 10 Nov 2008 06:20:26 +0100
> From: j.snelders@xxxxxxxxxx
> Subject: Re: [Wireshark-users] Not need to save packet data
> To: adisak@xxxxxxxxxxx, "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <481B206B000A3AFE@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="US-ASCII"
>
> Hi Adisak,
>
> You can use the option: Limit each packet to 68 bytes.
> You'll find it at
> Capture -> Capture Options
>
> Thanks
> Joan
>
> > To: "'Community support list for Wireshark'" <wireshark-users@xxxxxxxxxxxxx>
> On Mon, 10 Nov 2008 08:34:32 +0700 Adisak Wrote:
> > Hi all,
> >
> > I'm very new to Wireshark.
> >
> > I downloaded and used Wireshark a few days ago.
> >
> > I'll use Wireshark in my company to check the traffic of a proxy server.
> >
> > But I'd like to collect only Time, IP address (both source and destination), Protocol type and information.
> >
> > I don't need to save packet data, because the log file will grow big in a short time.
> >
> > I've tried setting up Wireshark for 2 days but I can't.
> >
> > Does anyone have an idea for my question?
> >
> > P.S. I used Wireshark on Windows.
> >
> > Best Regards,
> >
> > Adisak
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
>
> ------------------------------
>
> Message: 3
> Date: Mon, 10 Nov 2008 16:30:21 +1100
> From: "Martin Visser" <martinvisser99@xxxxxxxxx>
> Subject: Re: [Wireshark-users] Intermittent Performance Problems on
> To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <b3739b0c0811092130s45347b93va3d53d24f51f044b@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=UTF-8
>
> Cyril,
>
> Rather than sending the text output, it is probably more useful to send the pcap capture file (unless you have private data you need to obscure)
>
> Only seeing one side makes it a little hard (make sure filter includes client and server as both source and destination), however what can be gleaned is :-
>
> 1. The connection response (3-way handshake SYN/SYN-ACK/ACK) is 1.4ms (packet 1822-1821). This indicates your server is physically close and the TCP stack is responsive
> 2. Your client issued a HTTP GET straight after (packet 1823) and then ACKed the first bytes from the server response in less than 594ms (packet 1839 - 1823). More than likely your server won't start sending data until it has finished the backend database server transaction, but that is totally dependent on how your web app is built. So it is likely this is your server processing time
> 3. You received the last byte from that stream sometime before packet 1873. Thus time from first byte to last byte received is approximately 665ms. This is the time of flight of your received data. The ACKs show that you received 56152 bytes in that time, thus your throughput was 84430 Bps or 675Kbps. This may be good or bad depending on your network pipe between client and servers and how much concurrent usage occurred.
>
> So for your transaction I would conclude around half of the time was backend processing (the 594ms) and half simply filling the available pipe with your data (the 665ms)
>
> (Note at packet 95288 you reused the TCP port 2398 some hours later - so this is from another session to the first)
>
> Regards, Martin
>
> On Mon, Nov 10, 2008 at 1:04 AM, Cyril Spiro <spiroc@xxxxxxxxxxxxxxx> wrote:
> > Ryan,
> >
> > Thank you for your response.
> >
> > I have followed your recommendation and taken a snap shot of one TCP stream during a period when the users stated the intranet-based web application was slow.
> >
> > Attached is a sample of one TCP Stream which took 1.3 seconds. I provide this as an example for assistance in interpreting the Wireshark results.
> >
> > What surprised me is that all packets indicate communication from 192.168.0.221 (client) to 192.168.0.150 (server) and none in the other direction.
> >
> > Again, our goal is to know if this screen rendering took 1.3 seconds because the server was busy processing the request (database calls, etc.) or if the network was jammed outside of the server.
> >
> > Any insight that you can provide on how to read the results in order to answer this question is much appreciated.
> >
> > spiroc
> >
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wireshark-users-request@xxxxxxxxxxxxx
> > Sent: Thursday, November 06, 2008 7:12 PM
> > To: wireshark-users@xxxxxxxxxxxxx
> > Subject: Wireshark-users Digest, Vol 30, Issue 11
> >
> > Today's Topics:
> >
> >    1. Re: tshark creates files in temp dir (j.snelders@xxxxxxxxxx)
> >    2. Re: tshark creates files in temp dir (Al Aghili)
> >    3. Re: tshark creates files in temp dir (Stephen Fisher)
> >    4. Re: tshark creates files in temp dir (Al Aghili)
> >    5. Re: tshark creates files in temp dir (Stephen Fisher)
> >    6. Re: tshark creates files in temp dir (Guy Harris)
> >    7. Re: tshark creates files in temp dir (Al Aghili)
> >    8. Re: Intermittent Performance Problems on Intranet (Ryan Zuidema)
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Thu, 6 Nov 2008 21:26:45 +0100
> > From: j.snelders@xxxxxxxxxx
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <481B3765000A0AD6@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="US-ASCII"
> >
> > Hi Al,
> >
> > I think that you have to define an output file:
> > $ tshark -i 2 -w output.cap
> >
> > HTH
> > Joan
> >
> > On Thu, 6 Nov 2008 10:39:32 -0700 Al Aghili wrote:
> >> Subject: [Wireshark-users] tshark creates files in temp dir
> >>
> >> Hi,
> >> When we run tshark on windows it sometimes creates these large files in Windows/temp directory that start with "ether". Is there a way to turn this off?
> >>
> >> Thanks
> >> Al
> >>
> >> _______________________________________________
> >> Wireshark-users mailing list
> >> Wireshark-users@xxxxxxxxxxxxx
> >> https://wireshark.org/mailman/listinfo/wireshark-users
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Thu, 6 Nov 2008 14:08:19 -0700
> > From: "Al Aghili" <aaghili@xxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: "'Community support list for Wireshark'" <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <00b601c94053$cf285540$2602a8c0@AlDell01>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > Hi,
> > We're running tshark with the following command.
> > tshark -i 2 -V -l
> >
> > Then we read the standard out so we don't want to create an output file.
> >
> > Thanks
> > Al
> >
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of j.snelders@xxxxxxxxxx
> > Sent: Thursday, November 06, 2008 1:27 PM
> > To: Community support list for Wireshark
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> >
> > Hi Al,
> >
> > I think that you have to define an output file:
> > $ tshark -i 2 -w output.cap
> >
> > HTH
> > Joan
> >
> > On Thu, 6 Nov 2008 10:39:32 -0700 Al Aghili wrote:
> >> Subject: [Wireshark-users] tshark creates files in temp dir
> >>
> >> Hi,
> >> When we run tshark on windows it sometimes creates these large files in Windows/temp directory that start with "ether". Is there a way to turn this off?
> >>
> >> Thanks
> >> Al
> >>
> >> _______________________________________________
> >> Wireshark-users mailing list
> >> Wireshark-users@xxxxxxxxxxxxx
> >> https://wireshark.org/mailman/listinfo/wireshark-users
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Thu, 6 Nov 2008 14:39:25 -0700
> > From: Stephen Fisher <stephentfisher@xxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <20081106213925.GA40586@shadow.local>
> > Content-Type: text/plain; charset=us-ascii
> >
> > On Thu, Nov 06, 2008 at 10:39:32AM -0700, Al Aghili wrote:
> >
> >> When we run tshark on windows it sometimes creates these large files in Windows/temp directory that start with "ether". Is there a way to turn this off?
> >
> > These files are used for temporarily storing captured data for the session that you run tshark for. They should be deleted when tshark is closed and able to quit gracefully. They cannot be turned off. What version of tshark/Wireshark are you using? How are you stopping tshark?
> >
> >
> > Steve
> >
> > ------------------------------
> >
> > Message: 4
> > Date: Thu, 6 Nov 2008 16:01:40 -0700
> > From: "Al Aghili" <aaghili@xxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: "'Community support list for Wireshark'" <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <00c201c94063$a2dc8230$2602a8c0@AlDell01>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > We're stopping it by killing the tshark process through a kill command which I would think is not graceful. How do you recommend killing tshark programmatically?
> >
> > Thanks
> > Al
> >
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen Fisher
> > Sent: Thursday, November 06, 2008 2:39 PM
> > To: Community support list for Wireshark
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> >
> > On Thu, Nov 06, 2008 at 10:39:32AM -0700, Al Aghili wrote:
> >
> >> When we run tshark on windows it sometimes creates these large files in Windows/temp directory that start with "ether". Is there a way to turn this off?
> >
> > These files are used for temporarily storing captured data for the session that you run tshark for. They should be deleted when tshark is closed and able to quit gracefully. They cannot be turned off. What version of tshark/Wireshark are you using? How are you stopping tshark?
> >
> >
> > Steve
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> > ------------------------------
> >
> > Message: 5
> > Date: Thu, 6 Nov 2008 16:24:58 -0700
> > From: Stephen Fisher <stephentfisher@xxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <20081106232458.GA44378@shadow.local>
> > Content-Type: text/plain; charset=us-ascii
> >
> > On Thu, Nov 06, 2008 at 04:01:40PM -0700, Al Aghili wrote:
> >
> >> We're stopping it by killing the tshark process through a kill command which I would think is not graceful. How do you recommend killing tshark programmatically?
> >
> > I assume you're using some sort of Unix? In that case, SIGTERM (15), SIGINT (2) and SIGHUP (1) are caught and should result in a graceful shutdown of tshark. A SIGKILL (9) is not catchable and forces tshark to quit immediately. Which are you using?
> >
> >
> > Steve
> >
> > ------------------------------
> >
> > Message: 6
> > Date: Thu, 6 Nov 2008 15:53:21 -0800
> > From: Guy Harris <guy@xxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <7EA5C406-16B1-4425-969B-87EC2FB1BFD3@xxxxxxxxxxxx>
> > Content-Type: text/plain; charset=WINDOWS-1252; format=flowed; delsp=yes
> >
> >
> > On Nov 6, 2008, at 9:39 AM, Al Aghili wrote:
> >
> >> When we run tshark on windows it sometimes creates these large files in Windows/temp directory that start with "ether". Is there a way to turn this off?
> >
> > Currently, no. TShark runs dumpcap to do the traffic capture, and currently, if you run it without the "-w" flag, tells dumpcap to write to a temporary file, and reads from the temporary file.
> >
> > At some point it should be changed to, in that case, have dumpcap write the packets on a pipe, and read from the pipe.
> >
> > When you terminate TShark with ^C, then it should get rid of the file. Is the problem that the file exists while the capture is being done (in which case there's currently nothing you can do to stop it), or that the file remains around after you terminate TShark?
> >
> > ------------------------------
> >
> > Message: 7
> > Date: Thu, 6 Nov 2008 16:59:18 -0700
> > From: "Al Aghili" <aaghili@xxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> > To: "'Community support list for Wireshark'" <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <00c701c9406b$aeec7460$2602a8c0@AlDell01>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > Guy,
> > I think we may have to manually delete the files after we kill the tshark process. That was the problem I think. There were files left over because we are killing the process programmatically (not ^C).
> >
> > In a high traffic environment these files tend to get very big. So your solution to write the packets on a pipe might work best in the future.
> >
> > At the same time if that increases the ram consumption then that's a bigger problem because right now it's on disk.
> >
> > Thanks for the help.
> >
> > Al
> >
> > -----Original Message-----
> > From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
> > Sent: Thursday, November 06, 2008 4:53 PM
> > To: Community support list for Wireshark
> > Subject: Re: [Wireshark-users] tshark creates files in temp dir
> >
> >
> > On Nov 6, 2008, at 9:39 AM, Al Aghili wrote:
> >
> >> When we run tshark on windows it sometimes creates these large files in Windows/temp directory that start with "ether". Is there a way to turn this off?
> >
> > Currently, no. TShark runs dumpcap to do the traffic capture, and currently, if you run it without the "-w" flag, tells dumpcap to write to a temporary file, and reads from the temporary file.
> >
> > At some point it should be changed to, in that case, have dumpcap write the packets on a pipe, and read from the pipe.
> >
> > When you terminate TShark with ^C, then it should get rid of the file. Is the problem that the file exists while the capture is being done (in which case there's currently nothing you can do to stop it), or that the file remains around after you terminate TShark?
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> > ------------------------------
> >
> > Message: 8
> > Date: Thu, 6 Nov 2008 17:13:14 -0700
> > From: "Ryan Zuidema" <Ryan.Zuidema@xxxxxxxxxxx>
> > Subject: Re: [Wireshark-users] Intermittent Performance Problems on Intranet
> > To: "'Community support list for Wireshark'" <wireshark-users@xxxxxxxxxxxxx>
> > Message-ID: <000d01c9406d$a0661f70$e1325e50$@Zuidema@xxxxxxxxxxx>
> > Content-Type: text/plain; charset="us-ascii"
> >
> > Spiro,
> >
> > Yes that is exactly what Wireshark is good for, and for a beginner that is an excellent place to start. You will want to capture off of a mirrored/span port to begin with if possible. Running a live capture on the server could use up more resources, and potentially give you a false reading. If you have to capture on the server, you will need to run a simultaneous capture on an affected client as well.
> >
> > Take a capture and pay attention to the timing between request and response from the server.
> >
> > Ryan Zuidema
> >
> > From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Cyril Spiro
> > Sent: 2008-11-06 07:04
> > To: wireshark-users@xxxxxxxxxxxxx
> > Subject: [Wireshark-users] Intermittent Performance Problems on Intranet
> >
> > Hi, I'm a newbie to Wireshark :)
> >
> > Our users on our Intranet are stating that their Web Application can get slow at times. If we run Wireshark on the Web server can we use it to determine if the packets are being slowed down once they have gotten in the Web server (ie, slow database calls, etc.) versus outside of the Web server on the network?
> >
> > Thanks,
> >
> > spiroc
> >
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: http://www.wireshark.org/lists/wireshark-users/attachments/20081106/7832f296/attachment.htm
> >
> > ------------------------------
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> >
> > End of Wireshark-users Digest, Vol 30, Issue 11
> > ***********************************************
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
>
> --
> Regards, Martin
>
> MartinVisser99@xxxxxxxxx
>
> ------------------------------
>
> Message: 4
> Date: Mon, 10 Nov 2008 10:33:58 +0000
> From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
> Subject: Re: [Wireshark-users] Not need to save packet data
> To: "adisak@xxxxxxxxxxx" <adisak@xxxxxxxxxxx>, Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <3B15585E-4FAD-4399-ADF9-A4C85A46D86F@xxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> Since Wireshark is intended for deep level packet inspection this may not be the right tool for you. Have a look at the tools page on the wiki, for instance at ntop.
>
> Thanx,
> Jaap
>
> Sent from my iPhone
>
> On 10 nov 2008, at 01:34, "Adisak" <adisak@xxxxxxxxxxx> wrote:
>
> > Hi all,
> >
> > I'm very new to Wireshark.
> >
> > I downloaded and used Wireshark a few days ago.
> >
> > I'll use Wireshark in my company to check the traffic of a proxy server.
> >
> > But I'd like to collect only Time, IP address (both source and destination), Protocol type and information.
> >
> > I don't need to save packet data, because the log file will grow big in a short time.
> >
> > I've tried setting up Wireshark for 2 days but I can't.
> >
> > Does anyone have an idea for my question?
> >
> > P.S. I used Wireshark on Windows.
> >
> > Best Regards,
> >
> > Adisak
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://www.wireshark.org/lists/wireshark-users/attachments/20081110/2e610c78/attachment.htm
>
> ------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>
> End of Wireshark-users Digest, Vol 30, Issue 17
> ***********************************************
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users

--
Regards, Martin

MartinVisser99@xxxxxxxxx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20081112/4d6b9ca7/attachment.htm

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 30, Issue 24
***********************************************
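The three-step reading of a client-side-only capture quoted in the thread above (handshake round trip, wait before the first ACK of server data, time from first to last ACK) can be done mechanically. The following is an added example, not part of the original thread: the `Pkt` record, the `breakdown` function and the sample packets are hypothetical and constructed to mirror the figures quoted in the thread.

```python
from dataclasses import dataclass


@dataclass
class Pkt:
    """One client-to-server TCP segment from a one-sided capture (hypothetical record)."""
    t: float     # seconds since the start of the capture
    flags: str   # "S" = SYN, "A" = ACK, "PA" = PSH+ACK, "FA" = FIN+ACK
    ack: int     # relative ACK number: 1 + bytes of server data acknowledged
    length: int  # TCP payload bytes sent by the client in this segment


def breakdown(pkts):
    """Split one request/response into handshake, wait and transfer time."""
    pkts = sorted(pkts, key=lambda p: p.t)
    syn = next((p for p in pkts if p.flags == "S"), None)
    if syn is None:
        raise ValueError("no SYN in stream: capture started mid-connection")
    # The client's bare ACK after its SYN closes the 3-way handshake, so
    # SYN -> ACK spans one round trip even though the SYN-ACK is not captured.
    hs_ack = next((p for p in pkts if p.t > syn.t and p.flags == "A"), None)
    request = next((p for p in pkts if p.length > 0), None)
    if hs_ack is None or request is None:
        raise ValueError("handshake ACK or request segment missing")
    # Any later segment whose ACK number has moved past the request's ACK
    # number acknowledges response bytes sent by the server.
    data_acks = [p for p in pkts if p.t > request.t and p.ack > request.ack]
    if not data_acks:
        raise ValueError("client never acknowledged any response data")
    first = data_acks[0]
    # Earliest segment carrying the highest ACK number; a later FIN that
    # repeats the same ACK number does not stretch the transfer window.
    # Caveat: if the server's FIN was ACKed, that ACK is one byte too high.
    last = max(data_acks, key=lambda p: p.ack)
    wait = first.t - request.t
    transfer = last.t - first.t
    received = last.ack - request.ack
    return {
        "handshake_s": hs_ack.t - syn.t,
        "server_wait_s": wait,      # request sent -> first response bytes ACKed
        "transfer_s": transfer,     # first -> last response bytes ACKed
        "bytes_received": received,
        "throughput_Bps": received / transfer if transfer > 0 else None,
        "dominant": "wait" if wait > transfer else "transfer",
    }


# Constructed sample: timings chosen to match the 1.4 ms / 594 ms / 665 ms /
# 56152 bytes quoted in the thread; not taken from the poster's capture.
SAMPLE = [
    Pkt(0.0000, "S", 0, 0),
    Pkt(0.0014, "A", 1, 0),
    Pkt(0.0016, "PA", 1, 420),     # HTTP request
    Pkt(0.5956, "A", 1461, 0),     # first ACK of response data
    Pkt(0.9100, "A", 29201, 0),
    Pkt(1.2606, "A", 56153, 0),    # last response byte acknowledged
    Pkt(1.3000, "FA", 56153, 0),   # client closes; ACK number unchanged
]

if __name__ == "__main__":
    for name, value in breakdown(SAMPLE).items():
        print(f"{name}: {value}")
```

A long `server_wait_s` with a normal `transfer_s` points at the server or its backend; the reverse points at the path between client and server.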