2010/1/25 Stan Hoeppner <s...@hardwarefreak.com>:
[...]
> This is rather interesting, and disheartening. I've just spent 30 minutes
> playing with tshark and windump. For small file transfers, the presence of
> the capture tools running cuts the network interface performance in half.
> If I copy a 600MB file, the rate gradually increases to 10MB/s but only
> after about 45 seconds. Given my limited outbound, I doubt anyone wishes to
> try to download a 600MB file from my server, nor analyze the contents of
> such a behemoth.
>
> What Windows capture tool is available that does not itself *cause* a
> further performance problem in the act of capturing the data to solve one?
> This is a ridiculous situation. This machine has a 2GHz AthlonXP CPU, 1GB
> RAM, and a 120GB 7200RPM IDE disk. CPU for tshark or windump never exceeds
> 25%. Why are these capture tools doing this? They've created a catch 22. I
> can't report the data without the capture, but the capture ruins the data.
[...]

If you can find a spare box with two NICs in it, you could set up a Linux box as a bridge (even running from a live CD) and run tcpdump on that.

Otherwise, maybe this helps:

http://support.microsoft.com/kb/812953

Wireshark seems to be able to load Microsoft NetMon captures, so I think that should work too and might not cause the performance drop that tshark/windump (winpcap) do.

--
Michael Wood <esiot...@gmail.com>