3 Replies Latest reply on May 25, 2016 1:31 AM by xded

    Maximum Capture Size

    xded

      Hi,

       

      Is there any solution to increase the maximum capture size on the Sensor? We have an NS9100, and the documentation gives a maximum of 100MB, but we want to increase this size. Is this possible?

       

      BR

        • 1. Re: Maximum Capture Size
          peter.mason

          Hi xded,

           

          I don't know any way to increase this above the maximum set by McAfee. If you can find a way to do it, it is probably not supported and would just cause more issues.

           

          Why do you need to increase the value over 100 Mb?

           

          Have you tried using the export to SCP server option? Can you continuously export the captures instead?

           

          Peter

          • 2. Re: Maximum Capture Size
            jvdavis456

            xded,

            The capture profile stops at 100mb for one file then another starts (based on the profile criteria) until it also reaches 100mb. In Wireshark you can merge multiple captures together. I'm not sure how many individual files can be saved but each file is uploaded to the manager upon creation.

             

            It is possible you may lose a packet or two or there may be some overlap, but when capturing that much data for purposes of packet analysis you won't likely notice it. If you are looking to collect malware or other files from the traffic, you would do better to set up a Linux server with tcpdump on a span port, or if you have MWG you can use that too.

             

            I'd be interested in knowing how you decide to solve this so please respond when you are able.

            • 3. Re: Maximum Capture Size
              xded

              Hi,

              I use the standard in NSM; I copy all pcap files to the manager and then in Wireshark.
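
The merge step mentioned in replies 2 and 3, as an added example that is not from any poster in this thread or from McAfee: it joins several capture chunks in timestamp order and drops packets repeated where one chunk overlaps an earlier one. It assumes the chunks are classic little-endian pcap files (not pcapng); the function names are hypothetical.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4                    # classic pcap, microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")     # magic, version, zone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len

def read_pcap(blob):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, data), ...])."""
    if len(blob) < GLOBAL_HDR.size:
        raise ValueError("too short for a pcap file")
    magic, _, _, _, _, _, linktype = GLOBAL_HDR.unpack_from(blob, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    packets, off = [], GLOBAL_HDR.size
    while off + RECORD_HDR.size <= len(blob):
        sec, usec, incl, orig = RECORD_HDR.unpack_from(blob, off)
        off += RECORD_HDR.size
        if off + incl > len(blob):         # truncated last record: stop cleanly
            break
        packets.append((sec, usec, orig, blob[off:off + incl]))
        off += incl
    return linktype, packets

def write_pcap(linktype, packets, snaplen=65535):
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)]
    for sec, usec, orig, data in packets:
        out.append(RECORD_HDR.pack(sec, usec, len(data), orig) + data)
    return b"".join(out)

def merge_chunks(blobs):
    """Merge chunks in time order; return (pcap_bytes, duplicates_dropped)."""
    linktypes, merged, seen, dropped = set(), [], set(), 0
    for blob in blobs:
        linktype, packets = read_pcap(blob)
        linktypes.add(linktype)
        fresh = [p for p in packets if p not in seen]   # repeats of an earlier chunk
        dropped += len(packets) - len(fresh)
        merged.extend(fresh)
        seen.update(packets)
    if len(linktypes) != 1:
        raise ValueError("chunks are empty or use different link types")
    merged.sort(key=lambda p: (p[0], p[1]))             # stable sort on timestamp
    return write_pcap(linktypes.pop(), merged), dropped

if __name__ == "__main__":
    # Constructed sample: two Ethernet (linktype 1) chunks that overlap by one packet.
    a = write_pcap(1, [(100, 0, 4, b"pkt1"), (100, 500, 4, b"pkt2")])
    b = write_pcap(1, [(100, 500, 4, b"pkt2"), (101, 0, 4, b"pkt3")])
    merged, dropped = merge_chunks([a, b])
    print(dropped, [p[3] for p in read_pcap(merged)[1]])
```

Packets that are identical within a single chunk are kept; only repeats of a packet already seen in an earlier chunk count as overlap.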