Set up a capture filer for specific flow and it will capture accordingly.
For example:
*src host 10.1.1.1 **and dst host 10.2.2.2** and tcp dst portrange 200-10000
*
Vitali
On Thu, Aug 11, 2011 at 3:49 PM, Matt Sherman <matt.sherman2_at_gmail.com>wrote:
> Do any of you know if there is a way to configure wireshark so that it only
> records unique coversations? For instance, if there is continuous HTTP
> communication between a client IP and server IP, i would just like to
> record
> that once, not every single instance.
>
> The reason for this is that I just want to gather a record of all the
> protocols being used by a device. I'd like to start running the capture
> and
> come back a day or two later to see what's going on without worrying about
> the pcap file ballooning to a multi gigabit file.
>
> Thanks,
> Matt
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Thu Aug 11 2011 - 16:57:53 ART
This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART