Wireshark-users: Re: [Wireshark-users] how to start Wireshark automatically at each boot-up?
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 15 Jan 2010 10:15:05 -0800
On Jan 15, 2010, at 2:32 AM, Karthik Balaguru wrote:

> Is there a format of logging provided by Wireshark that would consume
> very little space?

There's no form of logging that will just log the *amount* of traffic captured.  There might be tools that will log that sort of information; it might, for example, be possible to get ntop:

	http://www.ntop.org/

to log it.

If you really need information about *every* packet on your network, rather than just summary information such as "every hour, show me how much traffic went to and from different IP addresses", you could try setting the snapshot length with the "-s" flag so that you only capture the IP header; you could also try to capture the TCP or UDP header if you want to know what port numbers were being accessed (so you could, for example, distinguish HTTP traffic from SMTP/POP/IMAP mail traffic from...).
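
The header-only capture described above, as an added example that is not part of the original message: frames truncated by a small snapshot length still carry the IP total-length field, so per-address (and, with the TCP/UDP header, per-port) byte counts can be recovered. It assumes untagged Ethernet II and IPv4 without options, which gives snapshot lengths of 34 bytes (IP header only) and 54 bytes (plus TCP header); the function names and sample traffic are constructed for illustration.

```python
import socket
import struct
from collections import Counter

ETH_HLEN = 14  # assumption: untagged Ethernet II frames

def make_frame(src, dst, proto, dport, payload_len, snaplen):
    """Build a constructed IPv4 frame, then truncate it as a capture with -s would."""
    if proto == 6:   # TCP: 20-byte header, no options
        l4 = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x10, 8192, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", 40000, dport, 8 + payload_len, 0)
    total_len = 20 + len(l4) + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    return (eth + ip + l4 + bytes(payload_len))[:snaplen]

def summarize(frames):
    """Sum on-the-wire IP bytes per (src, dst, protocol, destination port)."""
    totals = Counter()
    for f in frames:
        if len(f) < ETH_HLEN + 20 or f[12:14] != b"\x08\x00":
            continue  # truncated below the IP header, or not IPv4
        ip = f[ETH_HLEN:]
        ihl = (ip[0] & 0x0F) * 4
        total_len, frag = struct.unpack("!H", ip[2:4])[0], struct.unpack("!H", ip[6:8])[0]
        proto, dport = ip[9], None
        # Ports are only present in the first fragment and only if captured.
        if proto in (6, 17) and frag & 0x1FFF == 0 and len(ip) >= ihl + 4:
            dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        key = (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), proto, dport)
        totals[key] += total_len  # IP total length survives truncation
    return totals

def sample(snaplen):
    """Constructed traffic: two HTTP packets, one SMTP packet, one DNS query."""
    spec = [("198.51.100.5", 6, 80, 1400), ("198.51.100.5", 6, 80, 1400),
            ("198.51.100.5", 6, 25, 300), ("198.51.100.53", 17, 53, 40)]
    return [make_frame("192.0.2.10", d, p, port, n, snaplen) for d, p, port, n in spec]

if __name__ == "__main__":
    for snaplen in (34, 54):  # IP header only vs. IP plus TCP header
        print(snaplen, dict(summarize(sample(snaplen))))
```

At 34 bytes the HTTP and SMTP packets collapse into one TCP total per address pair; at 54 bytes they separate by destination port while the byte counts stay the same.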