I have a problem with a Windows 2003 server so wanted to run a Wireshark capture over night to capture some data. It's only traffic on one port to one IP address that I want to capture.
My main concern is that Wireshark will just grow and grow and when I leave it on overnight it will either cause the server to crash or something.
Does anyone know how I can restrict to the capture so that it only logs details for that port/ IP (I assume this will save space) and also I can tell it to cancel itself if the file gets too large/ it's taking up a lot of system resources?
Also, anything else I should be aware of?