I knew this before: when we tried to capture network packets using Wireshark, we had to open a firewall rule just to allow RDP to the machine. Wireshark kept crashing every day, and even every few hours. Yes, we did use multiple files, but we still couldn't avoid the crashing. It was Wireshark running on W2K Prof.
A few weeks ago, a customer asked me to install Wireshark, and I advised them of the issue. I installed the machine, running Wireshark on top of W2K Prof. The PC crashed after capturing 700MB of data within a few hours. The other instance was quite lucky: 1.5GB of data within 10 hours.
Not believing that Wireshark kept crashing, I did some googling, yet found practically nothing to resolve the issue.
This is where Linux comes to the rescue. Rather than installing something, I got a Live CD from which I can just run Wireshark.
After searching for a while, I found that Network Security Toolkit (NST) was quite interesting.
NST not only provides a CD ISO, but it also comes in DVD and even VMware versions (you need to use VMware Player).
I downloaded NST, burned it to CD, loaded it, turned on the Ethernet, and then it ran for 3 days, 64 files, 64MB, without failing.
I wasn't actually amazed; that is the standard we can expect when running Wireshark on Linux.
Problem solved. Don't run Wireshark on Windows if you want to run it for a longer period of time.
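For a multi-day capture like the one above, the usual way to keep memory and disk bounded is to run Wireshark's capture engine, dumpcap, from a shell with a ring buffer (a fixed number of files of a fixed size, oldest overwritten) instead of leaving the GUI to hold every dissected packet in memory. The script below is an added example, not from the original post or from the NST project; the interface name, sizes and output path are placeholders, and it assumes dumpcap is installed and on PATH. The last function checks that a capture directory actually stayed within the ring-buffer limits, which is the property you want to confirm after a long run.

```shell
#!/bin/sh
# Added example: bounded long-running packet capture with dumpcap's ring buffer.
# Assumptions (not from the original post): dumpcap is on PATH; interface,
# file size, file count and output prefix are placeholders chosen by the reader.

# Build the dumpcap command line for a ring-buffer capture.
#   $1 interface   $2 per-file size in KB   $3 number of files kept   $4 output file
# dumpcap -b filesize:N rotates after N KB; -b files:N keeps only the newest N files.
ring_capture_cmd() {
    printf 'dumpcap -q -i %s -b filesize:%s -b files:%s -w %s\n' "$1" "$2" "$3" "$4"
}

# Run the capture if dumpcap is available; otherwise print the command that would
# have run and fail, so a missing tool is noticed instead of silently skipped.
run_ring_capture() {
    if command -v dumpcap >/dev/null 2>&1; then
        dumpcap -q -i "$1" -b "filesize:$2" -b "files:$3" -w "$4"
    else
        echo "dumpcap not found; would run: $(ring_capture_cmd "$@")" >&2
        return 1
    fi
}

# Verify that a capture directory stayed within the ring-buffer bounds:
# no more than $2 files, none larger than $3 KB. Returns 0 when bounded.
capture_dir_bounded() {
    dir=$1; max_files=$2; max_kb=$3
    count=0
    for f in "$dir"/*.pcapng; do
        [ -e "$f" ] || continue            # no matches: glob stays literal
        count=$((count + 1))
        size_kb=$(( $(wc -c < "$f") / 1024 ))
        [ "$size_kb" -le "$max_kb" ] || return 1
    done
    [ "$count" -le "$max_files" ]
}

# Example invocation (placeholders): 64 files of 64MB on eth0, written to /var/tmp.
# run_ring_capture eth0 65536 64 /var/tmp/longrun.pcapng
```

Because dumpcap never dissects packets, its memory use stays flat no matter how long it runs; the resulting files can be opened in Wireshark afterwards, one at a time, for analysis.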