Do any of you know if there is a way to configure wireshark so that it only
records unique coversations? For instance, if there is continuous HTTP
communication between a client IP and server IP, i would just like to record
that once, not every single instance.
The reason for this is that I just want to gather a record of all the
protocols being used by a device. I'd like to start running the capture and
come back a day or two later to see what's going on without worrying about
the pcap file ballooning to a multi gigabit file.
Thanks,
Matt
Blogs and organic groups at http://www.ccie.net
Received on Thu Aug 11 2011 - 09:49:40 ART
This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART