Subscribe to this feed

Although Wireshark is the best tool for protocol analysis, it is not the ideal tool for capturing packets on a 10 Gigabit network or a highly utilized 1 Gigabit network.

When debugging network issues, it is very important not to miss any packets in the trace file. I do not mean the packet loss, which is seen on the network itself but packets, which are dropped due to the limited capture performance of the Wireshark device. Dropped packets, due to capture performance, lead to misinterpretation and you will waste countless hours of troubleshooting without striking success.

The typical approach: a Do It Yourself (DIY) Wireshark solution is attractive due to its seemingly low up front cost. However the lack of hardware performance increases the chance not be able to capture all packets. The capture performance is either limited by the capture rate of the NICs and/or the continuous write-to-disk rate. And I’m not only referring here to capture a fully utilized 10 Gigabit link continuously. It are the spikes and microbursts which are the main cause that not all packets are captured to disk.

Wireshark is invaluable for packet analysis but capturing 10 Gigabit networks exhaust the DIY Wireshark solution. So what now?

In our troubleshooting services this is always a challenge. So our experienced consultants either reduce the traffic by applying a selective filter or deploy a solution with sustained write performance to ensure lossless capture.

A simple and effective solution to limit the packets is using the Network Visibility Switch FlowDirector. With FlowDirector you can flexible filter by VLAN, IP address, Port ranges etc.

In case this approach is not applicable, we deploy a Network Visibility Appliance like FlowMagic. It allows a scalable capture performance beyond 20 Gbps per network module and the linear scalable storage concept ensures lossless packet capture.

Missing packets in trace files are now a thing of the past. No more false insights and analysis time for the birds!

And last but not least FlowDirector and FlowMagic have an outstanding price-performance ratio.