Y
Hacker News
new
|
ask
|
show
|
jobs
by
assafmo
2944 days ago
tshark always hogs my RAM and eventually crashes on > 4GB pcaps. I'd love to have a solution for this.
1 comments
lir
2944 days ago
Try dumpcap [0], also part of the Wireshark suite. It's the back-end engine used by the Wireshark GUI as well as tshark. tshark tracks state for streams the same way the GUI will and eats your RAM, whereas dumpcap is a dumb siphon (with filtering).
0:
https://www.wireshark.org/docs/man-pages/dumpcap.html
link
0: https://www.wireshark.org/docs/man-pages/dumpcap.html