This is why, if you're wiresharking a very busy server just to observe one specific flow or process, it is essential to set reasonable capture filters. IIRC, Wireshark dumps its packet caps to disk (so it doesn't go OOM), so probably the bottleneck that occurs with 'too wide' capture filters is with your disk subsystem having to log everything going on on your network interface.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |