Using TCPDUMP to Capture and Analyse Packets

posted in General, Technical on August 30th, 2009

Recently we needed to analyse packet flow through a router carrying roughly 1000+ DSL customers. Initially we used Wireshark, but Wireshark has a nasty habit of crashing when asked to analyse that many packets and sessions: it keeps the whole capture, along with its dissection state, in memory, so a long capture on a busy link eventually exhausts it. This is a known bug and can be viewed here:

Our capture server was initially running Windows Server 2003 with only 1GB of RAM. It lasted roughly an hour or less of capturing before dying. We upgraded the RAM to 4GB, but the server still crashed, albeit after about two hours now. Adding memory only delays the failure: if, as was typical on Windows Server 2003 at the time, Wireshark was a 32-bit build, the process cannot address more than 2GB of user memory (3GB with the /3GB boot switch) regardless of how much RAM is installed, and any tool that holds every packet in memory will run out sooner or later on a link this busy.
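As an added example that is not part of the original post, the following Python script shows the streaming alternative to loading a capture into Wireshark: it reads a libpcap-format file (the format `tcpdump -w` writes) one record at a time and keeps only a packet counter per TCP/UDP flow, so memory grows with the number of flows rather than the number of packets. The pcap layout it assumes is the classic one (24-byte global header, 16-byte record headers, Ethernet link type); the sample capture it analyses is constructed inside the script, and a capture cut short by a killed tcpdump is handled by dropping the truncated final record rather than crashing.

```python
"""Stream a libpcap capture and count packets per TCP/UDP flow in bounded memory.

Added example, not code from the original post. Assumes the classic pcap file
format (24-byte global header, 16-byte record headers, link type 1 = Ethernet)
as written by `tcpdump -w`; the sample capture below is constructed here.
"""
import io
import struct
import sys
from collections import Counter
from typing import BinaryIO, Iterator, Optional, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4        # magic read with "<I" from a little-endian file
PCAP_MAGIC_BE_AS_LE = 0xD4C3B2A1  # a big-endian file's magic read with "<I"
ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17

def iter_pcap_records(fh: BinaryIO) -> Iterator[bytes]:
    """Yield each record's captured bytes, reading one record at a time."""
    magic, = struct.unpack("<I", fh.read(4))
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE_AS_LE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng / nanosecond pcap not handled)")
    fh.read(20)  # version, thiszone, sigfigs, snaplen, linktype: not needed here
    while True:
        hdr = fh.read(16)
        if len(hdr) < 16:
            return
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", hdr)
        data = fh.read(incl_len)
        if len(data) < incl_len:
            return  # truncated last record (capture killed mid-write): drop it
        yield data

def flow_key(frame: bytes) -> Optional[Tuple[int, str, int, str, int]]:
    """Return (proto, src, sport, dst, dport) for an Ethernet/IPv4/TCP|UDP frame."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None  # ARP, IPv6, VLAN-tagged frames etc. are not counted here
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if proto not in (IPPROTO_TCP, IPPROTO_UDP) or frag_offset or len(ip) < ihl + 4:
        return None  # non-first fragments carry no transport header
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (proto, src, sport, dst, dport)

def summarise_flows(fh: BinaryIO) -> Counter:
    """One counter per flow; memory grows with flows, not with packets."""
    packets: Counter = Counter()
    for frame in iter_pcap_records(fh):
        key = flow_key(frame)
        if key is not None:
            packets[key] += 1
    return packets

# --- constructed sample capture (illustration only) ---------------------------
def build_frame(src: str, sport: int, dst: str, dport: int, proto: int = IPPROTO_TCP) -> bytes:
    """Minimal Ethernet + IPv4 + TCP/UDP header with zeroed checksums."""
    transport = struct.pack("!HH", sport, dport) + b"\x00" * (16 if proto == IPPROTO_TCP else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), 0, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + transport

def build_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1251600000 + i, 0, len(frame), len(frame)) + frame
    return out

SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", 40001, "203.0.113.9", 80),
    build_frame("10.0.0.5", 40001, "203.0.113.9", 80),
    build_frame("203.0.113.9", 80, "10.0.0.5", 40001),
    b"\x00" * 12 + b"\x86\xdd" + b"\x00" * 40,          # IPv6 ethertype: ignored
    build_frame("10.0.0.7", 5353, "10.0.0.1", 53, proto=IPPROTO_UDP),
])

def flows_in_sample() -> Counter:
    return summarise_flows(io.BytesIO(SAMPLE_PCAP))

def flows_in_truncated_sample() -> Counter:
    """Same capture with its last record cut short, as a killed tcpdump leaves it."""
    return summarise_flows(io.BytesIO(SAMPLE_PCAP[:-5]))

if __name__ == "__main__":
    source = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(SAMPLE_PCAP)
    with source:
        for key, n in summarise_flows(source).most_common(10):
            print(n, key)
```

Run it with a path to a real `tcpdump -w` file to print the ten busiest flows; without an argument it analyses the constructed sample. Because only the current record is ever held in memory, the script runs in constant memory per packet no matter how long the capture was, which is exactly the property the Wireshark GUI lacks.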

